Abstract
We define an extension of the category-based access control (CBAC) metamodel to accommodate a general notion of obligation. Since most of the well-known access control models are instances of the CBAC metamodel, we obtain a framework for the study of the interaction between authorisation and obligation, such that properties may be proven of the metamodel that apply to all instances of it. In particular, the extended CBAC metamodel allows security administrators to check whether a policy combining authorisations and obligations is consistent.
This work was partially funded by the European Office of Aerospace Research and Development (EOARD-AFOSR).
Notes
1. We restrict attention to events without a duration.
2. Or \(\mathcal{OARCA}_I\) if we need to distinguish between individual and collective obligations.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Alves, S., Degtyarev, A., Fernández, M. (2015). Access Control and Obligations in the Category-Based Metamodel: A Rewrite-Based Semantics. In: Proietti, M., Seki, H. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2014. Lecture Notes in Computer Science, vol 8981. Springer, Cham. https://doi.org/10.1007/978-3-319-17822-6_9
DOI: https://doi.org/10.1007/978-3-319-17822-6_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17821-9
Online ISBN: 978-3-319-17822-6
eBook Packages: Computer Science, Computer Science (R0)