Term Rewriting for Access Control
نویسندگان
چکیده
We demonstrate how access control models and policies can be represented by using term rewriting systems, and how rewriting may be used for evaluating access requests and for proving properties of an access control policy. We focus on two kinds of access control models: discretionary models, based on access control lists (ACLs), and rolebased access control (RBAC) models. For RBAC models, we show that we can specify several variants, including models with role hierarchies, and constraints and support for security administrator review querying.
منابع مشابه
The 2007 Federated Conference on Rewriting, Deduction and Programming Workshop on Security and Rewriting Techniques Program Commitee Diffie-hellman Cryptographic Reasoning in the Maude-nrl Protocol Analyzer 29 Rewriting and Reachability for Software Security Action-status Access Control as Term Rewriting
We propose an access control model that generalizes Role-Based Access Control by making a distinction between what we call ascribed status and action status. The model is based upon the key notion of an event to enable changes in access control requirements to be performed autonomously. Our access control model is specified as a term rewriting system that permits declarative representation of a...
متن کاملAction-Status Access Control as Term Rewriting
We propose an access control model that generalizes RoleBased Access Control by making a distinction between what we call ascribed status and action status. The model is based upon the key notion of an event to enable changes in access control requirements to be performed autonomously. Our access control model is specified as a term rewriting system that permits declarative representation of ac...
متن کاملRewriting-Based Access Control Policies
In this paper we propose a formalization of access control policies based on term rewriting. The state of the system to which policies are enforced is represented as an algebraic term, what allows to model many aspects of the policy environment. Policies are represented as sets of rewrite rules, whose evaluation produces deterministic authorization decisions. We discuss the relation between pro...
متن کاملModular Access Control Via Strategic Rewriting
Security policies, in particular access control, are fundamental elements of computer security. We address the problem of authoring and analyzing policies in a modular way using techniques developed in the field of term rewriting, focusing especially on the use of rewriting strategies. Term rewriting supports a formalization of access control with a clear declarative semantics based on equation...
متن کاملDynamic Event-Based Access Control as Term Rewriting
Despite the widespread adoption of Role-based Access Control (RBAC) models, new access control models are required for new applications for which RBAC may not be especially well suited and for which implementations of RBAC do not enable properties of access control policies to be adequately defined and proven. To address these issues, we propose a form of access control model that is based upon...
متن کامل