A Posteriori Analysis of Policy Temporal Compliance

  • Conference paper

Risks and Security of Internet and Systems (CRiSIS 2020)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12528)

Abstract

A posteriori access control is increasingly deployed, especially in environments where more flexibility is needed when requesting access to information resources. To check whether the security rules are being respected, this kind of access control relies on a monitoring process based on logs. It is thus fundamental to have a comprehensive analysis in order to take fair decisions and apply sanctions if needed. However, understanding what is happening in the logs is challenging, and correlating logged events with the security policy is arduous. Moreover, the security attributes and their values may evolve over time. Therefore, we propose a mechanism for verifying policy temporal compliance, based on SWRL and Event Calculus, to check whether the required attributes were respected at the appropriate time.

Acknowledgments

This research is funded by Be-ys Research, Meyrin 123, c/o BDO SA, 1219 Châtelaine, GENEVE, a mark of the group be-ys dedicated to research and innovation.

Author information

Correspondence to Farah Dernaika.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Dernaika, F., Cuppens-Boulahia, N., Cuppens, F., Raynaud, O. (2021). A Posteriori Analysis of Policy Temporal Compliance. In: Garcia-Alfaro, J., Leneutre, J., Cuppens, N., Yaich, R. (eds) Risks and Security of Internet and Systems. CRiSIS 2020. Lecture Notes in Computer Science, vol 12528. Springer, Cham. https://doi.org/10.1007/978-3-030-68887-5_8

  • DOI: https://doi.org/10.1007/978-3-030-68887-5_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68886-8

  • Online ISBN: 978-3-030-68887-5

  • eBook Packages: Computer Science, Computer Science (R0)
