Skip to main content
SpringerLink
Log in

Access Control and Obligations in the Category-Based Metamodel: A Rewrite-Based Semantics

  • Conference paper
  • First Online:
Logic-Based Program Synthesis and Transformation (LOPSTR 2014)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8981))

Abstract

We define an extension of the category-based access control (CBAC) metamodel to accommodate a general notion of obligation. Since most of the well-known access control models are instances of the CBAC metamodel, we obtain a framework for the study of the interaction between authorisation and obligation, such that properties may be proven of the metamodel that apply to all instances of it. In particular, the extended CBAC metamodel allows security administrators to check whether a policy combining authorisations and obligations is consistent.

This work was partially funded by the European Office of Aerospace Research and Development (EOARD-AFOSR).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We restrict attention to events without a duration.

  2. 2.

    Or \(\mathcal {OARCA}_I\) if we need to distinguish between individual and collective obligations.

References

  1. ANSI. RBAC, 2004. INCITS 359–2004

    Google Scholar 

  2. Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge University Press, Cambridge (1998)

    Google Scholar 

  3. Barker, S.: The next 700 access control models or a unifying meta-model? In: Proceedings of SACMAT 2009, pp. 187–196. ACM Press (2009)

    Google Scholar 

  4. Barker, S., Sergot, M.J., Wijesekera, D.: Status-based access control. ACM Trans. Inf. Syst. Secur. 12(1), 1–47 (2008)

    Google Scholar 

  5. Bertolissi, C., Fernández, M.: Category-based authorisation models: operational semantics and expressive power. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 140–156. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  6. Bertolissi, C., Fernández, M.: Rewrite specifications of access control policies in distributed environments. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 51–67. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  7. Bertolissi, C., Fernández, M., Barker, S.: Dynamic event-based access control as term rewriting. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 195–210. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  8. Bettini, C., Jajodia, S., Wang, X., Wijesekera, D.: Provisions and obligations in policy rule management. J. Netw. Syst. Manag. 11(3), 351–372 (2003)

    Article  Google Scholar 

  9. Contejean, E., Paskevich, A., Urbain, X., Courtieu, P., Pons, O., Forest, J.: A3pat, an approach for certified automated termination proofs. In: Proceedings of PEPM 2010, pp. 63–72. ACM, New York (2010)

    Google Scholar 

  10. Davidson, D.: Essays on Actions and Events. Oxford University Press, Oxford (2001)

    Book  Google Scholar 

  11. Dijkstra, E.W.: Selected Writings on Computing - A Personal Perspective. Texts and Monographs in Computer Science. Springer, New York (1982)

    Book  MATH  Google Scholar 

  12. Gelfond, M., Lobo, J.: Authorization and obligation policies in dynamic systems. In: Garcia de la Banda, M., Pontelli, E. (eds.) ICLP 2008. LNCS, vol. 5366, pp. 22–36. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: Proceedings of CCS 2006, pp. 134–143. ACM, New York (2006)

    Google Scholar 

  14. Katt, B., Zhang, X., Breu, R., Hafner, M., Seifert, J.-P.: A general obligation model and continuity: enhanced policy enforcement engine for usage control. In: Proceedings of SACMAT 2008, pp. 123–132. ACM, New York (2008)

    Google Scholar 

  15. Kowalski, R., Sergot, M.: A logic-based calculus of events. New. Gener. Comput. 4(1), 67–95 (1986)

    Article  Google Scholar 

  16. Miller, R., Shanahan, M.: The event calculus in classical logic - alternative axiomatisations. Electron. Trans. Artif. Intell. 3(A), 77–105 (1999)

    MathSciNet  Google Scholar 

  17. Mont, M.C., Beato, F.: On parametric obligation policies: enabling privacy-aware information lifecycle management in enterprises. In: POLICY, pp. 51–55 (2007)

    Google Scholar 

  18. Ni, Q., Bertino, E., Lobo, J.: An obligation model bridging access control policies and privacy policies. In: Proceedings of SACMAT 2008, pp. 133–142. ACM, New York (2008)

    Google Scholar 

  19. OASIS. eXtensible Access Control Markup language (XACML) (2003). http://www.oasis-open.org/xacml/docs/

  20. Park, J., Sandhu, R.: The ucon abc usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)

    Article  Google Scholar 

  21. Pontual, M., Chowdhury, O., Winsborough, W.H., Yu, T., Irwin, K.: On the management of user obligations. In: Proceedings of SACMAT 2011, pp. 175–184. ACM, New York (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Porto, Porto, Portugal

    Sandra Alves

  2. Department of Informatics, King’s College London, London, WC2R 2LS, UK

    Anatoli Degtyarev & Maribel Fernández

Authors
  1. Sandra Alves
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anatoli Degtyarev
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maribel Fernández
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maribel Fernández .

Editor information

Editors and Affiliations

  1. IASI-CNR, Rome, Italy

    Maurizio Proietti

  2. Nagoya Institute of Technology, Nagoya, Japan

    Hirohisa Seki

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Alves, S., Degtyarev, A., Fernández, M. (2015). Access Control and Obligations in the Category-Based Metamodel: A Rewrite-Based Semantics. In: Proietti, M., Seki, H. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2014. Lecture Notes in Computer Science(), vol 8981. Springer, Cham. https://doi.org/10.1007/978-3-319-17822-6_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17822-6_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17821-9

  • Online ISBN: 978-3-319-17822-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation