Abstract
Access control to IT systems increasingly relies on the ability to compose policies. Hence there is benefit in any framework for policy composition that is intuitive, formal (and so “analyzable” and “implementable”), expressive, independent of specific application domains, and yet able to be extended to create domain-specific instances. Here we develop such a framework based on Belnap logic. An access-control policy is interpreted as a four-valued predicate that maps access requests to either grant, deny, conflict, or unspecified -- the four values of the Belnap bilattice. We define an expressive access-control policy language PBel, having composition operators based on the operators of Belnap logic. Natural orderings on policies are obtained by lifting the truth and information orderings of the Belnap bilattice. These orderings lead to a query language in which policy analyses, for example, conflict freedom, can be specified. Policy analysis is supported through a reduction of the validity of policy queries to the validity of propositional formulas on predicates over access requests. We evaluate our approach through firewall policy and RBAC policy examples, and discuss domain-specific and generic extensions of our policy language.
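As an added illustration (not code from the paper, and not PBel's own syntax), the following Python encodes the four Belnap values as (grant, deny) bit pairs, lifts the bilattice operators and both orderings pointwise to policies over requests, and runs a conflict-freedom query on the join of two constructed firewall-style sub-policies; the query is answered by enumerating a small finite request space rather than by the paper's reduction to propositional validity.

```python
from itertools import product

# Belnap value encoded as a (grant, deny) pair of bits (an added encoding,
# not the paper's notation):
#   grant=(1,0)  deny=(0,1)  conflict=(1,1)  unspecified=(0,0)
GRANT, DENY = (True, False), (False, True)
CONFLICT, UNSPEC = (True, True), (False, False)

def k_join(a, b):   # (+): everything either side asserts; grant (+) deny = conflict
    return (a[0] or b[0], a[1] or b[1])
def t_meet(a, b):   # /\ : truth-order meet; grant /\ deny = deny
    return (a[0] and b[0], a[1] or b[1])
def t_join(a, b):   # \/ : truth-order join; grant \/ deny = grant
    return (a[0] or b[0], a[1] and b[1])
def le_k(a, b):     # information ordering: b asserts at least what a asserts
    return a[0] <= b[0] and a[1] <= b[1]
def le_t(a, b):     # truth ordering: b is at least as permissive as a
    return a[0] <= b[0] and a[1] >= b[1]

# A policy maps a request to a Belnap value; operators lift pointwise.
def lift(op):
    return lambda p, q: (lambda r: op(p(r), q(r)))
JOIN_K, MEET_T = lift(k_join), lift(t_meet)

# Constructed finite request space, firewall style: source zone x destination port.
REQUESTS = [{"src": s, "port": p}
            for s, p in product(("internal", "external"), (22, 80, 443))]

def http_allowed(r):   # grants HTTP from anywhere, says nothing otherwise
    return GRANT if r["port"] == 80 else UNSPEC
def no_external(r):    # denies all external traffic, says nothing otherwise
    return DENY if r["src"] == "external" else UNSPEC

# Queries, answered by enumerating the finite request space (a stand-in for
# the paper's reduction to propositional validity).
def conflicts(policy, requests=REQUESTS):
    return [r for r in requests if policy(r) == CONFLICT]
def gaps(policy, requests=REQUESTS):
    return [r for r in requests if policy(r) == UNSPEC]
def policy_le_k(p, q, requests=REQUESTS):
    return all(le_k(p(r), q(r)) for r in requests)

def deny_overrides(policy):   # constructed resolution step: conflict -> deny
    return lambda r: DENY if policy(r) == CONFLICT else policy(r)

# External HTTP is granted by one sub-policy and denied by the other: conflict.
combined = JOIN_K(http_allowed, no_external)
```

Each sub-policy sits below the join in the information ordering, and `gaps` reports the requests on which the composed policy still says nothing, which is the other analysis a firewall author typically wants.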