short-paper

A Rule-based Approach to the Decidability of Safety of ABACα

Authors:

Mircea Marin,

Temur Kutsia,

Besik DunduaAuthors Info & Claims

SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

Pages 173 - 178

https://doi.org/10.1145/3322431.3325416

Published: 28 May 2019 Publication History

Get Access

Abstract

ABACα is a foundational model for attribute-based access control with a minimal set of capabilities to configure many access control models of interest, including the dominant traditional ones: discretionary (DAC), mandatory (MAC), and role-based (RBAC). A fundamental security problem in the design of ABAC is to ensure safety, that is, to guarantee that a certain subject can never gain certain permissions to access certain object(s).

We propose a rule-based specification of ABACα and of its configurations, and the semantic framework of ρLog to turn this specification into executable code for the operational model of ABACα. Next, we identify some important properties of the operational model which allow us to define a rule-based algorithm for the safety problem, and to execute it with ρLog. The outcome is a practical tool to check safety of ABACα configurations.

ρLog is a system for rule-based programming with strategies and built-in support for constraint logic programming (CLP). We argue that ρLog is an adequate framework for the specification and verification of safety of ABACα configurations. In particular, the authorization policies of ABACα can be interpreted properly by the CLP component of ρLog, and the operations of its functional specification can be described by five strategies defined by conditional rewrite rules.

References

[1]

T. Ahmed and R. Sandhu. 2017. Safety of $rm ABAC_α is Decidable. In Network and System Security, Z. Yan, R. Molva, W. Mazurczyk, and R. Kantola (Eds.). Springer International Publishing, 257--272.

Google Scholar

[2]

M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. 1976. Protection in operating systems. Commun. ACM, Vol. 19, 8 (Aug. 1976), 461--471.

Digital Library

Google Scholar

[3]

X. Jin. 2014. Attribute-Based Access Control Models and Implementation in Cloud Infrastructure as a Service. Ph.D. Dissertation. University of Texas at San Antonio.

Google Scholar

[4]

X. Jin, R. Krishnan, and R. Sandhu. 2012. A unified attribute-based access control model covering DAC, MAC and RBAC. In Data and Applications Security and Privacy XXVI, N. Cuppens-Boulahia, F. Cuppens, and J. Garcia-Alfaro (Eds.). LNCS, Vol. 7371. Springer, Berlin, Heidelberg, 41--55.

Digital Library

Google Scholar

[5]

T. Kutsia. 2004. Solving equations involving sequence variables and sequence functions. In Proceedings of AISC 2004, B. Buchberger and J. A. Campbell (Eds.). LNCS, Vol. 3249. Springer, 157--170.

Crossref

Google Scholar

[6]

T. Kutsia. 2007. Solving equations with sequence variables and sequence functions. JSC, Vol. 42, 3 (2007), 352--388.

Digital Library

Google Scholar

[7]

T. Kutsia and M. Marin. 2005. Can context sequence matching be used for querying XML?. In Proceedings of UNIF'05, L. Vigneron (Ed.). IEEE Computer Society, Nara, Japan, 77--92.

Google Scholar

[8]

M. Marin and T. Ida. 2005. Rule-Based Programming with ρLog. In Proceedings of SYNASC'05, D. Zaharie, D. Petcu, V. Negru, T. Jebelean, G. Ciobanu, A. Cicortas, A. Abraham, and M. Paprzycki (Eds.). IEEE Computer Society, 31--38.

Digital Library

Google Scholar

[9]

M. Marin and T. Kutsia. 2006. Foundations of the rule-based system ρLog. Journal of Applied Non-Classical Logics, Vol. 16, 1--2 (2006), 151--168.

Crossref

Google Scholar

[10]

M. Marin and F. Piroi. 2004. Deduction and presentation in ρLog. ENTCS, Vol. 93 (2004), 161--182.

Google Scholar

[11]

J. Park and R. Sandhu. 2004. The UCON ABC Usage Control Model. ACM Transactions on Information and System Security (TISSEC), Vol. 7, 1 (2004), 161--182.

Digital Library

Google Scholar

[12]

P. V. Rajkumar and R. Sandhu. 2016. Safety decidability for pre-authorization usage control with finite attribute domains. IEEE Transactions on Dependable and Secure Computing, Vol. 13, 5 (2016), 582--590.

Crossref

Google Scholar

[13]

S. Wolfram. 2003. The Mathematica Book 5th ed.). Wolfram Media.

Digital Library

Google Scholar

Cited By

View all

Bertolissi CFernandez MThuraisingham B(2024)Category-Based Administrative Access Control PoliciesACM Transactions on Privacy and Security10.1145/369819928:1(1-35)Online publication date: 28-Sep-2024
https://dl.acm.org/doi/10.1145/3698199
Shan FLi FJi P(2022)A smart access control mechanism based on user preference in online social networksConcurrency and Computation: Practice and Experience10.1002/cpe.686435:20Online publication date: Feb-2022
https://doi.org/10.1002/cpe.6864
Bertolissi CFernandez MThuraisingham BJoshi ACarminati BVerma R(2021)Graph-Based Specification of Admin-CBAC PoliciesProceedings of the Eleventh ACM Conference on Data and Application Security and Privacy10.1145/3422337.3447850(173-184)Online publication date: 26-Apr-2021
https://dl.acm.org/doi/10.1145/3422337.3447850
Show More Cited By

Index Terms

A Rule-based Approach to the Decidability of Safety of ABACα
1. Security and privacy
  1. Security services
    1. Access control
2. Theory of computation
  1. Formal languages and automata theory
    1. Formalisms
      1. Rewrite systems
  2. Logic
    1. Constraint and logic programming
    2. Logic and verification

Recommendations

Safety analysis of usage control authorization models
ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security

The usage control (UCON) model was introduced as a unified approach to capture a number of extensions for traditional access control models. While the policy specification flexibility and expressive power of this model have been studied in previous work,...
A rule-based framework for role-based delegation and revocation

Delegation is the process whereby an active entity in a distributed environment authorizes another entity to access resources. In today's distributed systems, a user often needs to act on another user's behalf with some subset of his/her rights. Most ...
A rule-based framework for role based delegation
SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies

In current role-based systems, security officers handle assignments of users to roles. However, fully depending on this functionality may increase management efforts in a distributed environment because of the continuous involvement from security ...

Comments

Information & Contributors

Information

Published In

SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

May 2019

243 pages

ISBN:9781450367530

DOI:10.1145/3322431

General Chair:
Florian Kerschbaum
University of Waterloo, Canada
,
Program Chairs:
Atefeh Mashatan
Ryerson University, Canada
,
Jianwei Niu
University of Texas at San Antonio, USA
,
Adam J. Lee
University of Pittsburgh, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 May 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Austrian Science Fund (FWF)
Shota Rustaveli National Science Foundation of Georgia

Conference

SACMAT '19

Sponsor:

SIGSAC

SACMAT '19: The 24th ACM Symposium on Access Control Models and Technologies

June 3 - 6, 2019

Toronto ON, Canada

Acceptance Rates

SACMAT '19 Paper Acceptance Rate 12 of 52 submissions, 23%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
124
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bertolissi CFernandez MThuraisingham B(2024)Category-Based Administrative Access Control PoliciesACM Transactions on Privacy and Security10.1145/369819928:1(1-35)Online publication date: 28-Sep-2024
https://dl.acm.org/doi/10.1145/3698199
Shan FLi FJi P(2022)A smart access control mechanism based on user preference in online social networksConcurrency and Computation: Practice and Experience10.1002/cpe.686435:20Online publication date: Feb-2022
https://doi.org/10.1002/cpe.6864
Bertolissi CFernandez MThuraisingham BJoshi ACarminati BVerma R(2021)Graph-Based Specification of Admin-CBAC PoliciesProceedings of the Eleventh ACM Conference on Data and Application Security and Privacy10.1145/3422337.3447850(173-184)Online publication date: 26-Apr-2021
https://dl.acm.org/doi/10.1145/3422337.3447850
Rubio RMartí-Oliet NPita IVerdejo A(2021)Model checking strategy-controlled systems in rewriting logicAutomated Software Engineering10.1007/s10515-021-00307-929:1Online publication date: 8-Dec-2021
https://doi.org/10.1007/s10515-021-00307-9
Bertolissi CFernández MThuraisingham BRoussev VThuraisingham BCarminati BKantarcioglu M(2020)Admin-CBACProceedings of the Tenth ACM Conference on Data and Application Security and Privacy10.1145/3374664.3375725(73-84)Online publication date: 16-Mar-2020
https://dl.acm.org/doi/10.1145/3374664.3375725
Marin MDundua BKutsia T(2020)A Rule-Based System for Computation and Deduction in MathematicaRewriting Logic and Its Applications10.1007/978-3-030-63595-4_4(57-74)Online publication date: 11-Dec-2020
https://doi.org/10.1007/978-3-030-63595-4_4
Dundua BKutsia TMarin MRukhaia M(2020)Specification and Analysis of ABAC Policies in a Rule-Based FrameworkApplications of Mathematics and Informatics in Natural Sciences and Engineering10.1007/978-3-030-56356-1_7(101-116)Online publication date: 29-Nov-2020
https://doi.org/10.1007/978-3-030-56356-1_7

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Safety analysis of usage control authorization models

A rule-based framework for role-based delegation and revocation

A rule-based framework for role based delegation

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations