Validation of Safety-Like Properties for Entity-Based Access Control Policies
In this paper safety problems for a simplified version of entity-based access control model are considered. By safety we mean the impossibility for a user to acquire access a given object by performing a sequence of legitimate operations over the database. Our model considers the database as a labelled graph. Object modification operations are guarded by FO-definable pre- and post-conditions. We show undecidability of the safety problem in general and describe an algorithm for deciding safety for a restricted class of access control policies.
KeywordsAccess control ABAC EBAC Safety Decidability
- 1.Bogaerts, J., Decat, M., Lagaisse, B., Joosen, W.: Entity-based access control: supporting more expressive access control policies. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 291–300. ACM (2015)Google Scholar
- 4.Kolovski, V., Hendler, J., Parsia, B.: Analyzing web access control policies. In: Proceedings of the 16th International Conference on World Wide Web, pp. 677–686. ACM (2007)Google Scholar
- 6.Samarati, P., de Vimercati, S.C.: Access control: policies, models, and mechanisms. In: International School on Foundations of Security Analysis and Design, pp. 137–196. Springer (2000)Google Scholar
- 7.Servos, D., Osborn, S.L.: Current research and open problems in attribute-based access control. ACM Comput. Surv. 49(4), 65:1–65:45 (2017)Google Scholar