Abstract
A posteriori access control is increasingly deployed, especially in environments that need more flexibility when access to information resources is requested. To check that the security rules were respected, this kind of access control relies on a monitoring process based on logs. A comprehensive analysis is therefore essential for taking fair decisions and applying sanctions where needed. However, understanding from the logs what actually happened is challenging, and correlating logged events with the security policy is arduous. Moreover, security attributes and their values may evolve over time, so the value an attribute has at audit time is not necessarily the value it had when the access took place. We therefore propose a verification mechanism for policy temporal compliance, based on SWRL and the Event Calculus, that checks whether the required attributes held at the appropriate time.
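As an added illustration (not the chapter's SWRL/OWL implementation), the following Python sketch implements a simplified discrete Event Calculus over two constructed logs, one recording attribute changes and one recording accesses, and checks each access against the attribute value that held at access time. It also shows the naive alternative, checking against the attribute's current value at audit time, to make the "attributes evolve" point concrete. The event names (`assign`, `unassign`, `read`), the identifiers (`alice`, `patient42`) and the policy rule are assumptions made for the example.

```python
"""Simplified discrete Event Calculus for a posteriori temporal compliance.

Added example, not the authors' code. Logs and policy rule are constructed.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

Fluent = Tuple[str, ...]  # e.g. ("assigned", "alice", "patient42")


@dataclass(frozen=True)
class Event:
    time: int
    name: str
    args: Tuple[str, ...]


# Constructed attribute-change log: "<time> <event> <args...>"
ATTRIBUTE_LOG = """\
1 assign alice patient42
3 assign bob patient42
6 unassign alice patient42
"""

# Constructed access log: "<time> read <user> <record>"
ACCESS_LOG = """\
2 read alice patient42
5 read alice patient42
7 read alice patient42
8 read bob patient42
9 read carol patient42
"""


def parse_log(text: str) -> List[Event]:
    """Parse whitespace-separated log lines into time-ordered events (Happens(e, t))."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, name, *args = line.split()
        events.append(Event(int(t), name, tuple(args)))
    return sorted(events, key=lambda e: e.time)


# Domain axioms: which events initiate / terminate which fluents.
def initiates(e: Event) -> Set[Fluent]:
    return {("assigned",) + e.args} if e.name == "assign" else set()


def terminates(e: Event) -> Set[Fluent]:
    return {("assigned",) + e.args} if e.name == "unassign" else set()


def holds_at(fluent: Fluent, t: int, events: List[Event]) -> bool:
    """HoldsAt(f, t): f was initiated by an event strictly before t and not
    terminated since (no initial state; events at time t take effect after t)."""
    state = False
    for e in events:
        if e.time >= t:
            break
        if fluent in initiates(e):
            state = True
        if fluent in terminates(e):
            state = False
    return state


def required_fluents(access: Event) -> List[Fluent]:
    """Policy (assumed): reading a record requires being assigned to it at that moment."""
    if access.name == "read":
        user, record = access.args
        return [("assigned", user, record)]
    return []


def temporal_violations(attribute_log: str, access_log: str):
    """Check every access against the attribute values that held at access time."""
    attr_events = parse_log(attribute_log)
    violations = []
    for a in parse_log(access_log):
        missing = [f for f in required_fluents(a) if not holds_at(f, a.time, attr_events)]
        if missing:
            violations.append((a.time, a.args[0], a.args[1], missing))
    return violations


def snapshot_violations(attribute_log: str, access_log: str):
    """Naive check against the attribute values current at audit time (after the last event)."""
    attr_events = parse_log(attribute_log)
    audit_time = (attr_events[-1].time + 1) if attr_events else 0
    violations = []
    for a in parse_log(access_log):
        missing = [f for f in required_fluents(a) if not holds_at(f, audit_time, attr_events)]
        if missing:
            violations.append((a.time, a.args[0], a.args[1], missing))
    return violations


if __name__ == "__main__":
    print("temporal:", [v[:3] for v in temporal_violations(ATTRIBUTE_LOG, ACCESS_LOG)])
    print("snapshot:", [v[:3] for v in snapshot_violations(ATTRIBUTE_LOG, ACCESS_LOG)])
```

On the constructed logs the temporal check flags only the reads at times 7 (alice after her assignment was terminated at 6) and 9 (carol, never assigned), while the snapshot check also flags alice's legitimate reads at times 2 and 5 because she is no longer assigned when the audit runs. The `holds_at` loop is the discrete form of the Event Calculus axiom HoldsAt(f, t) iff some event before t initiated f and no later event before t terminated it; a real deployment would need an initial state and must decide whether an event logged with the same timestamp as the access counts as preceding it.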
Acknowledgments
This research is funded by Be-ys Research, Meyrin 123, c/o BDO SA, 1219 Châtelaine, GENEVE, a mark of the group be-ys dedicated to research and innovation.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Dernaika, F., Cuppens-Boulahia, N., Cuppens, F., Raynaud, O. (2021). A Posteriori Analysis of Policy Temporal Compliance. In: Garcia-Alfaro, J., Leneutre, J., Cuppens, N., Yaich, R. (eds) Risks and Security of Internet and Systems. CRiSIS 2020. Lecture Notes in Computer Science(), vol 12528. Springer, Cham. https://doi.org/10.1007/978-3-030-68887-5_8
DOI: https://doi.org/10.1007/978-3-030-68887-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68886-8
Online ISBN: 978-3-030-68887-5