Rewrite Specifications of Access Control Policies in Distributed Environments
نویسندگان
چکیده
We define a metamodel for access control that takes into account the requirements of distributed environments, where resources and access control policies may be distributed across several sites. This distributed metamodel is an extension of the category-based metamodel proposed in previous work (from which standard centralised access control models such as MAC, DAC, RBAC, Bell-Lapadula, etc. can be derived). We use a declarative formalism in order to give an operational semantics to the distributed metamodel. We then show how various distributed access control models can be derived as instances of the distributed metamodel, including distributed models where each site implements a different kind of local access control model.
منابع مشابه
Analysis of Rewrite-Based Access Control Policies
The rewrite-based approach provides executable specifications for security policies, which can be independently designed, verified, and then anchored on programs using a modular discipline. In this paper, we describe how to perform queries over these rule-based policies in order to increase the trust of the policy author on the correct behavior of the policy. The analysis we provide is founded ...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کاملOn Formal Specification and Analysis of Security Policies ∗
Security policies are ubiquitous in information systems and more generally in the management of sensitive information. Access control policies are probably the most largely used policies but their application goes well beyond this application domain. The enforcement of security policies is useless if some of their key properties like the consistency, for example, cannot be stated and checked. W...
متن کامل