Access control via Belnap logic: Intuitive, expressive, and analyzable policy composition

Published: 06 June 2011

Abstract

Access control to IT systems increasingly relies on the ability to compose policies. Hence there is benefit in any framework for policy composition that is intuitive, formal (and so “analyzable” and “implementable”), expressive, independent of specific application domains, and yet able to be extended to create domain-specific instances. Here we develop such a framework based on Belnap logic. An access-control policy is interpreted as a four-valued predicate that maps access requests to either grant, deny, conflict, or unspecified -- the four values of the Belnap bilattice. We define an expressive access-control policy language PBel, having composition operators based on the operators of Belnap logic. Natural orderings on policies are obtained by lifting the truth and information orderings of the Belnap bilattice. These orderings lead to a query language in which policy analyses, for example, conflict freedom, can be specified. Policy analysis is supported through a reduction of the validity of policy queries to the validity of propositional formulas on predicates over access requests. We evaluate our approach through firewall policy and RBAC policy examples, and discuss domain-specific and generic extensions of our policy language.
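
The four-valued composition and the conflict-freedom analysis described in the abstract can be sketched as follows. This is an added example, not code from the paper: it uses the standard Belnap bilattice operators rather than PBel's concrete syntax, and the bit-pair encoding, the `rule` helper and the small firewall request space are assumptions constructed for illustration.

```python
from itertools import product

# Belnap values encoded as (evidence for grant, evidence for deny) bit pairs.
GRANT, DENY, CONFLICT, UNSPECIFIED = (1, 0), (0, 1), (1, 1), (0, 0)

def t_meet(a, b):  # meet in the truth ordering: any deny evidence wins
    return (a[0] & b[0], a[1] | b[1])

def k_join(a, b):  # join in the information ordering: pool all evidence
    return (a[0] | b[0], a[1] | b[1])

def leq_k(a, b):   # information ordering on single values
    return a[0] <= b[0] and a[1] <= b[1]

def rule(value, pred):
    """Hypothetical basic policy: `value` where pred holds, else unspecified."""
    return lambda req: value if pred(req) else UNSPECIFIED

def compose(op, p, q):
    """Lift a binary Belnap operator pointwise to policies."""
    return lambda req: op(p(req), q(req))

# Constructed request space: (source zone, destination port).
REQUESTS = list(product(("internal", "guest"), (22, 443)))

def where(policy, value):
    """All requests the policy maps to `value`."""
    return [r for r in REQUESTS if policy(r) == value]

def conflict_free(policy):
    return not where(policy, CONFLICT)

def refines_k(p, q):
    """Information ordering lifted to policies: p <=k q on every request."""
    return all(leq_k(p(r), q(r)) for r in REQUESTS)

allow_web = rule(GRANT, lambda r: r[1] == 443)
deny_guest = rule(DENY, lambda r: r[0] == "guest")

merged = compose(k_join, allow_web, deny_guest)  # keeps both opinions
strict = compose(t_meet, allow_web, deny_guest)  # deny evidence dominates

if __name__ == "__main__":
    for name, pol in (("merged", merged), ("strict", strict)):
        print(name, "conflict-free:", conflict_free(pol),
              "conflicts:", where(pol, CONFLICT),
              "gaps:", where(pol, UNSPECIFIED))
    print("strict <=k merged:", refines_k(strict, merged))
```

Pooling evidence exposes the overlap between the two rules as a conflict on guest traffic to port 443, while the truth-ordering meet resolves it to deny at the cost of leaving internal port 443 unspecified.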

Published In

ACM Transactions on Information and System Security, Volume 14, Issue 1
May 2011
366 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1952982

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2011
Accepted: 01 August 2010
Revised: 01 June 2010
Received: 01 September 2009
Published in TISSEC Volume 14, Issue 1

Author Tags

  1. Access-control policy languages
  2. bilattices
  3. multivalued logic

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2022) Static Analysis for Proactive Security. Computing and Software Science. 10.1007/978-3-319-91908-9_19 (374-392). Online publication date: 11-Mar-2022
  • (2021) COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs. Proceedings of the 2021 New Security Paradigms Workshop. 10.1145/3498891.3498903 (13-27). Online publication date: 25-Oct-2021
  • (2020) A Survey on Access Control in the Age of Internet of Things. IEEE Internet of Things Journal. 10.1109/JIOT.2020.2969326, 7:6 (4682-4696). Online publication date: Jun-2020
  • (2019) Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems. Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. 10.1145/3322431.3326326 (73-81). Online publication date: 28-May-2019
  • (2019) Cyberspace-Oriented Access Control: A Cyberspace Characteristics-Based Model and its Policies. IEEE Internet of Things Journal. 10.1109/JIOT.2018.2839065, 6:2 (1471-1483). Online publication date: Apr-2019
  • (2019) An Interactive and Continuous Authorization Scheme by using Belnap Logic. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 10.1109/COMPSAC.2019.10287 (682-687). Online publication date: Jul-2019
  • (2019) Multi-valued Logic for Static Analysis and Model Checking. Models, Mindsets, Meta: The What, the How, and the Why Not? 10.1007/978-3-030-22348-9_7 (89-109). Online publication date: 26-Jun-2019
  • (2018) Towards Greater Expressiveness, Flexibility, and Uniformity in Access Control. Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies. 10.1145/3205977.3208950 (217-219). Online publication date: 7-Jun-2018
  • (2018) Survey on Access Control for Community-Centered Collaborative Systems. ACM Computing Surveys. 10.1145/3146025, 51:1 (1-38). Online publication date: 4-Jan-2018
  • (2017) Attribute Expressions, Policy Tables and Attribute-Based Access Control. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. 10.1145/3078861.3078865 (79-90). Online publication date: 7-Jun-2017
