Abstract
Graph-based specification formalisms for Access Control (AC) policies combine the advantages of an intuitive visual framework with a rigorous semantical foundation. A security policy framework specifies a set of (constructive) rules to build the system states and sets of positive and negative (declarative) constraints to specify wanted and unwanted substates. Models for AC (e.g. role-based, lattice-based or an access control list) have been specified in this framework elsewhere. Here we address the problem of inconsistent policies within this framework. Using formal properties of graph transformations, we can systematically detect inconsistencies between constraints, between rules, and between a rule and a constraint, and lay the foundation for their resolution.
Partially supported by the EC under TMR Network GETGRATS and under Esprit WG APPLIGRAPH, and by the Italian MURST.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Koch, M., Mancini, L.V., Parisi-Presicce, F. (2002). Conflict Detection and Resolution in Access Control Policy Specifications. In: Nielsen, M., Engberg, U. (eds) Foundations of Software Science and Computation Structures. FoSSaCS 2002. Lecture Notes in Computer Science, vol 2303. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45931-6_16
DOI: https://doi.org/10.1007/3-540-45931-6_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43366-8
Online ISBN: 978-3-540-45931-6
eBook Packages: Springer Book Archive