Multi-layer Audit of Access Rights

  • Conference paper
Secure Data Management (SDM 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4721)

Abstract

In the context of regulatory compliance, the question is often whether an enterprise can guarantee that only certain people can access certain data or perform certain business functions on them. Examples are controls over financial data in Sarbanes-Oxley and access to personal information in privacy laws such as HIPAA and the California Senate Bill 1386. Such guarantees also have to be strictly audited. For individual access control systems, such questions are standard at least in theory. However, to the best of our knowledge such questions have never been addressed for entire system stacks containing multiple layers of data representation with potentially different access mechanisms. For instance, financial data may be accessed by using an access right to the official financial application, but also by using an administrator right to an underlying database or by logically or physically accessing an unencrypted backup tape with the data. We propose an overall model and algorithms to deal with this situation. We study both advance queries for validating a proposed system and a posteriori queries in audit, problem determination, or litigation.

Editor information

Willem Jonker Milan Petković

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pfitzmann, B. (2007). Multi-layer Audit of Access Rights. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_2

  • DOI: https://doi.org/10.1007/978-3-540-75248-6_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75247-9

  • Online ISBN: 978-3-540-75248-6

  • eBook Packages: Computer Science, Computer Science (R0)
