Semantic Access Control Model: A Formal Specification

  • Mariemma I. Yagüe
  • María-del-Mar Gallardo
  • Antonio Maña
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3679)


The Semantic Access Control Model (SAC), built on the basis of separation of the authorization and access control management responsibilities, provides adequate solutions to the problems of access control in distributed and dynamic systems with heterogeneous security requirements. SAC is characterized by its flexibility for accommodating dissimilar security policies, but also by the ease of management and control over a large number of distributed elements and the support for interoperability of authorization mechanisms. In this paper, we present the semantic validation algorithms developed in SAC to detect semantically incomplete or incorrect access control policies. Additionally, the formal model of SAC along with some proofs of its soundness is introduced. This formalization is the basis for additional model checking of the semantic validation algorithms developed.


Keywords: Access Control; Authorization; Distributed Systems Security; Formal Methods in security



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Mariemma I. Yagüe (1)
  • María-del-Mar Gallardo (1)
  • Antonio Maña (1)
  1. Dpto. de Lenguajes y Ciencias de la Computación, University of Málaga, Málaga, Spain
