Hapi: A Domain-Specific Language for the Declaration of Access Policies
Authors: 
Vinícius Julião, 
Alexander Holmquist, Flávio Lúcio, Celso Simões, 
Fernando PereiraAuthors Info & Claims
Vinícius Julião, Alexander Holmquist, Flávio Lúcio, Celso Simões, Fernando PereiraAuthors Info & ClaimsPages 9 - 16
Abstract
Access policies specify what are the actions that different actors can perform on the available resources. Access policies are a core notion in multiuser environments, such as operating systems and distributed databases. Currently, most of these systems use general data specification languages, such as JSON, XML and YAML to describe access policies. Yet, domain-specific languages are also available for this task. One of such languages is Legalease, from Microsoft. This paper presents a new version of Legalease, called Hapi. Hapi replaces Legalease’s notion of a lattice with a partially ordered set (poset). We demonstrate that posets already give all the expressivity of Legalease, while simplifying its specification and the implementation of verification algorithms. Hapi is currently publicly available. The language is distributed with tools for translating programs to YAML and for visualizing access rights. Hapi provides developers with an Intermediary Representation of policies that allows this language to be easily embedded in any project. Said representation generalizes the notion of actors, actions and resources to user-defined entities; hence, being more flexible than typical data-access description languages.
References
[1]
Moritz Y. Becker, Cédric Fournet, and Andrew D. Gordon. 2010. SecPAL: Design and Semantics of a Decentralized Authorization Language. J. Comput. Secur. 18, 4 (2010), 619–665.
[2]
Richard J. Dudley and Nathan Duchene. 2010. Microsoft Azure: Enterprise Application Development. Packt Publishing, USA.
[3]
Armin Gerl. 2019. Modelling of a Privacy Language and Efficient Policy-based De-identification. Ph.D. Dissertation. U. Passau and INSA Lyon.
[4]
Saffija Kasem-Madani and Michael Meier. 2015. Security and Privacy Policy Languages: A Survey, Categorization and Gap Identification. CoRR abs/1512.00201(2015), 1–18. arxiv:1512.00201http://arxiv.org/abs/1512.00201
[5]
Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura, and Sumit Shah. 2003. First Experiences Using XACML for Access Control in Distributed Systems. In XMLSEC. Association for Computing Machinery, New York, NY, USA, 25–37. https://doi.org/10.1145/968559.968563
[6]
T. J. Parr and R. W. Quong. 1995. ANTLR: A Predicated-LL(k) Parser Generator. Softw. Pract. Exper. 25, 7 (1995), 789–810. https://doi.org/10.1002/spe.4380250705
[7]
Samir Saklikar and Subir Saha. 2007. Next Steps for Security Assertion Markup Language (Saml). In SWS. ACM, New York, NY, USA, 52–65. https://doi.org/10.1145/1314418.1314427
[8]
Shayak Sen, Saikat Guha, Anupam Datta, Sriram K. Rajamani, Janice Tsai, and Jeannette M. Wing. 2014. Bootstrapping Privacy Compliance in Big Data Systems. In S&P. IEEE Computer Society, USA, 327–342. https://doi.org/10.1109/SP.2014.28
[9]
Abraham Silberschatz, Peter Baer Galvin, and Greg Gagne. 2008. Operating System Concepts(8th ed.). Wiley Publishing, USA.
[10]
Ha Xuan Son and Nguyen Minh Hoang. 2019. A Novel Attribute-Based Access Control System for Fine-Grained Privacy Protection. In ICCSP. Association for Computing Machinery, New York, NY, USA, 76–80. https://doi.org/10.1145/3309074.3309091
[11]
Bill Stonehem. 2016. Google Android Firebase: Learning the Basics. First Rank, USA.
[12]
William H. Stufflebeam, Annie I. Antón, Qingfeng He, and Neha Jain. 2004. Specifying Privacy Policies with P3P and EPAL: Lessons Learned. In WPES. Association for Computing Machinery, New York, NY, USA, 35. https://doi.org/10.1145/1029179.1029190
[13]
Jinesh Varia and Sajee Mathew. 2014. Overview of Amazon Web Services.
Recommendations
Declaratively defining domain-specific language debuggers
GCPE '11Tool support is vital to the effectiveness of domain-specific languages. With language workbenches, domain-specific languages and their tool support can be generated from a combined, high-level specification. This paper shows how such a specification ...
Fine-Grained Disclosure of Access Policies
Information and Communications SecurityAbstractIn open scenarios, where servers may receive requests to access their services from possibly unknown clients, access control is typically based on the evaluation of (certified or uncertified) properties, that clients can present. Since assuming ...
Declaratively defining domain-specific language debuggers
GPCE '11: Proceedings of the 10th ACM international conference on Generative programming and component engineeringTool support is vital to the effectiveness of domain-specific languages. With language workbenches, domain-specific languages and their tool support can be generated from a combined, high-level specification. This paper shows how such a specification ...
Comments
Information & Contributors
Information
Published In
September 2021
115 pages
ISBN:9781450390620
DOI:10.1145/3475061
Copyright © 2021 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 October 2021
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- FAPEMIG
- CNPQ
Conference
SBLP'21
SBLP'21: 25th Brazilian Symposium on Programming Languages
September 27 - October 1, 2021
Joinville, Brazil
Acceptance Rates
Overall Acceptance Rate 22 of 50 submissions, 44%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 78Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Reflects downloads up to 07 Aug 2024
Other Metrics
Citations
Cited By
View allView Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format