Abstract
Crampton and Sellwood recently introduced a variant of relationship-based access control based on the concepts of relationships, paths and principal matching, to which we will refer as the RPPM model. In this paper, we show that the RPPM model can be extended to provide support for caching of authorization decisions and enforcement of separation of duty policies. We show that these extensions are natural and powerful. Indeed, caching provides far greater advantages in RPPM than it does in most other access control models and we are able to support a wide range of separation of duty policies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abadi, M., Fournet, C.: Access control based on execution history. In: NDSS. The Internet Society (2003)
Borders, K., Zhao, X., Prakash, A.: CPOL: high-performance policy evaluation. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM Conference on Computer and Communications Security, pp. 147–157. ACM (2005)
Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Computer Society (1989)
Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. ACM Trans. Inf. Syst. Secur. 13(1) (2009)
Cheng, Y., Park, J., Sandhu, R.S.: Relationship-based access control for online social networks: Beyond user-to-user relationships. In: SocialCom/PASSAT, pp. 646–655. IEEE (2012)
Cheng, Y., Park, J., Sandhu, R.: A user-to-user relationship-based access control model for online social networks. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 8–24. Springer, Heidelberg (2012)
Crampton, J., Sellwood, J.: Caching and auditing in the RPPM model. CoRR abs/1407.7841 (2014)
Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: Osborn, S.L., Tripunitara, M.V., Molloy, I. (eds.) SACMAT, pp. 187–198. ACM (2014)
Edjlali, G., Acharya, A., Chaudhary, V.: History-based access control for mobile code. In: Vitek, J., Jensen, C.D. (eds.) Secure Internet Programming. LNCS, vol. 1603, pp. 413–431. Springer, Heidelberg (1999)
Fong, P.W.L.: Relationship-based access control: protection model and policy language. In: Sandhu, R.S., Bertino, E. (eds.) CODASPY, pp. 191–202. ACM (2011)
Fong, P.W.L., Mehregan, P., Krishnan, R.: Relational abstraction in community-based secure collaboration. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM Conference on Computer and Communications Security, pp. 585–598. ACM (2013)
Gligor, V.D., Gavrila, S.I., Ferraiolo, D.F.: On the formal definition of separation-of-duty policies and their composition. In: IEEE Symposium on Security and Privacy, pp. 172–183. IEEE Computer Society (1998)
Kohler, M., Brucker, A.D., Schaad, A.: Proactive caching: Generating caching heuristics for business process environments. In: CSE (3), pp. 297–304. IEEE Computer Society (2009)
Kohler, M., Fies, R.: Proactive caching - a framework for performance optimized access control evaluations. In: POLICY, pp. 92–94. IEEE Computer Society (2009)
Krukow, K., Nielsen, M., Sassone, V.: A logical framework for history-based access control and reputation systems. Journal of Computer Security 16(1), 63–101 (2008)
Simon, R.T., Zurko, M.E.: Separation of duty in role-based environments. In: CSFW, pp. 183–194. IEEE Computer Society (1997)
Wei, Q., Crampton, J., Beznosov, K., Ripeanu, M.: Authorization recycling in hierarchical rbac systems. ACM Trans. Inf. Syst. Secur. 14(1), 3 (2011)
Zhang, R., Artale, A., Giunchiglia, F., Crispo, B.: Using description logics in relation based access control. In: Grau, B.C., Horrocks, I., Motik, B., Sattler, U. (eds.) Description Logics. CEUR Workshop Proceedings, vol. 477, CEUR-WS.org (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Crampton, J., Sellwood, J. (2014). Caching and Auditing in the RPPM Model. In: Mauw, S., Jensen, C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham. https://doi.org/10.1007/978-3-319-11851-2_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-11851-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11850-5
Online ISBN: 978-3-319-11851-2
eBook Packages: Computer ScienceComputer Science (R0)