Abstract
Access control languages that support administrative controls, and thus allow the ordinary permissions of a system to change, have traditionally been constructed with first-order predicate logic or graph rewriting rules. We introduce a new access control model to implement administrative controls directly in terms of the security properties – we call this Security Property Based Administrative Controls (SPAC).
Administrative approval is required only when a security property is changed (violated) relative to the current configuration. We show that in the case of information flow, and its effects on both integrity and confidentiality, SPACs are implementable, and the necessary administrative approvals exactly determinable.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Solworth, J.A., Sloan, R.H. (2004). Security Property Based Administrative Controls. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_15
DOI: https://doi.org/10.1007/978-3-540-30108-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0
eBook Packages: Springer Book Archive