Abstract
Formal security models have significantly improved the understanding of access control systems. They have influenced the way access control policies are specified and analyzed, and they provide a sound foundation for a policy’s implementation.
While their merits are many, designing security models is not an easy task, and their use in commercial systems is still far from everyday practice. This paper argues that model engineering principles and tools supporting these principles are important steps towards model-based security engineering. It proposes a model engineering approach based on the idea that access control models share a common, model-independent core that, by core specialization and core extension, can be tailored to a broad scope of domain-specific access control models.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kühnhauser, W.E., Pölck, A. (2011). Towards Access Control Model Engineering. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2011. Lecture Notes in Computer Science, vol 7093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25560-1_27
DOI: https://doi.org/10.1007/978-3-642-25560-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25559-5
Online ISBN: 978-3-642-25560-1
eBook Packages: Computer Science, Computer Science (R0)