Abstract
Authorization conditions of access control policies are complex and varied, as they might depend, e.g., on the current time, the position of the users, selected parts of the system state, and even on the history of the computations. Several models, languages, and enforcement mechanisms have been proposed for different scenarios. Unfortunately, this complicates the verification of safety, i.e., that no permission is leaked to unauthorized users. To avoid these problems, we present an intermediate language called Action Language for Policy Specification. Two desiderata drive its definition: (i) it should support as many models and policies as possible and (ii) it should be easily integrated in existing verification systems so that robust techniques (e.g., model checking or satisfiability solving) can be exploited to verify safety. We argue (i) by using selected examples of access control models and policies taken from the literature. For (ii), we prove some theoretical properties of the language that pave the way to the definition of automatic translations to available verification techniques.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Ranise, S., Traverso, R. (2014). ALPS: An Action Language for Policy Specification and Automated Safety Analysis. In: Mauw, S., Jensen, C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham. https://doi.org/10.1007/978-3-319-11851-2_10
DOI: https://doi.org/10.1007/978-3-319-11851-2_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11850-5
Online ISBN: 978-3-319-11851-2
eBook Packages: Computer Science, Computer Science (R0)