Abstract
The Semantic Access Control Model (SAC), built on the basis of separation of the authorization and access control management responsibilities, provides adequate solutions to the problems of access control in distributed and dynamic systems with heterogeneous security requirements. SAC is characterized by its flexibility for accommodating dissimilar security policies, but also by the ease of management and control over a large number of distributed elements and the support for interoperability of authorization mechanisms. In this paper, we present the semantic validation algorithms developed in SAC to detect semantically incomplete or incorrect access control policies. Additionally, the formal model of SAC along with some proofs of its soundness is introduced. This formalization is the basis for additional model checking of the semantic validation algorithms developed.
Work partially supported by the Spanish Ministry of Science and Technology under the Research Projects PRIVILEGE (TIC2003-08184-C02-01) and SELF (TIN2004-7943-C04-01).
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yagüe, M.I., Gallardo, MdM., Maña, A. (2005). Semantic Access Control Model: A Formal Specification. In: di Vimercati, S.d.C., Syverson, P., Gollmann, D. (eds) Computer Security – ESORICS 2005. ESORICS 2005. Lecture Notes in Computer Science, vol 3679. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11555827_3
DOI: https://doi.org/10.1007/11555827_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28963-0
Online ISBN: 978-3-540-31981-8
eBook Packages: Computer Science (R0)