Towards Access Control Model Engineering

Kühnhauser, Winfried E.; Pölck, Anja

doi:10.1007/978-3-642-25560-1_27

Winfried E. Kühnhauser¹⁸ &
Anja Pölck¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7093))

Included in the following conference series:

International Conference on Information Systems Security

916 Accesses
5 Citations

Abstract

Formal security models have significantly improved the understanding of access control systems. They have influenced the way access control policies are specified and analyzed, and they provide a sound foundation for a policy’s implementation.

While their merits are many, designing security models is not an easy task, and their use in commercial systems is still far from everyday practice. This paper argues that model engineering principles and tools supporting these principles are important steps towards model based security engineering. It proposes a model engineering approach based on the idea that access control models share a common, model-independent core that, by core specialization and core extension, can be tailored to a broad scope of domain-specific access control models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Amthor, P., Kühnhauser, W.E., Pölck, A.: Model-based Safety Analysis of SELinux Security Policies. In: Samarati, P., Foresti, S., J.H.G. (eds.) Proc. of 5th Int. Conference on Network and System Security, pp. 208–215. IEEE (2011)
Google Scholar
Barker, S.: The Next 700 Access Control Models or a Unifying Meta-Model? In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, pp. 187–196. ACM, New York (2009)
Google Scholar
Benats, G., Bandara, A., Yu, Y., Colin, J.N., Nuseibeh, B.: PrimAndroid: Privacy Policy Modelling and Analysis for Android Applications. In: 2011 IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 2011), pp. 129–132. IEEE (2011)
Google Scholar
Fischer, A., Kühnhauser, W.E.: Efficient Algorithmic Safety Analysis of HRU Security Models. In: Katsikas, S., Samarati, P. (eds.) Proc. International Conference on Security and Cryptography (SECRYPT 2010), pp. 49–58. SciTePress (2010)
Google Scholar
Graham, G.S., Denning, P.J.: Protection: Principles and Practice. In: AFIPS 1972 (Spring): Proceedings of the Spring Joint Computer Conference, May 16-18, pp. 417–429. ACM, New York (1972)
Google Scholar
Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: On Protection in Operating Systems. Operating Systems Review, special issue for the 5th Symposium on Operating Systems Principles 9(5), 14–24 (1975)
MATH Google Scholar
Jha, S., Li, N., Tripunitara, M., Wang, Q., Winsborough, W.: Towards Formal Verification of Role-Based Access Control Policies. IEEE Transactions on Dependable Secure Computing 5, 242–255 (2008)
Article Google Scholar
Lampson, B.W.: Protection. In: Fifth Annual Princeton Conference on Information Sciences and Systems, pp. 437–443 (March 1971); Protection. Operating Systems Review 8(1), 18–24 (reprinted January, 1974)
Google Scholar
Loscocco, P.A., Smalley, S.D.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Cole, C. (ed.) Proc. 2001 USENIX Annual Technical Conference, pp. 29–42 (2001)
Google Scholar
Marinovic, S., Craven, R., Ma, J., Dulay, N.: Rumpole: a Flexible Break-glass Access Control Model. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011, pp. 73–82. ACM (2011)
Google Scholar
Sandhu, R.S.: The Typed Access Matrix Model. In: Proc. IEEE Symposium on Security and Privacy, pp. 122–136. IEEE (May 1992)
Google Scholar
Zanin, G., Mancini, L.V.: Towards a Formal Model for Security Policies Specification and Validation in the SELinux System. In: Proc. of the 9th ACM Symposium on Access Control Models and Technologies, pp. 136–145. ACM (2004)
Google Scholar
Zhang, X., Li, Y., Nalla, D.: An Attribute-based Access Matrix Model. In: Proc. of the 2005 ACM Symposium on Applied Computing, pp. 359–363. ACM (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Ilmenau University of Technology, Ilmenau, Germany
Winfried E. Kühnhauser & Anja Pölck

Authors

Winfried E. Kühnhauser
View author publications
You can also search for this author in PubMed Google Scholar
Anja Pölck
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030-4422, Fairfax, VA, USA
Sushil Jajodia
Center for Distributed Computing, Jadavpur University, 7000032, Kolkata, India
Chandan Mazumdar

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kühnhauser, W.E., Pölck, A. (2011). Towards Access Control Model Engineering. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2011. Lecture Notes in Computer Science, vol 7093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25560-1_27

Download citation

DOI: https://doi.org/10.1007/978-3-642-25560-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25559-5
Online ISBN: 978-3-642-25560-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics