Reasoning about security: A logic and a decision method for role-based access control

  • Fabio Massacci
Accepted Papers
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1244)

Abstract

Role-based access control (RBAC) is one of the most promising techniques for the design and implementation of security policies, and its diffusion may be enhanced by the development of formal and automated methods of analysis.

This paper presents a logic for practical reasoning about role-based access control which simplifies and adapts to RBAC the calculus developed at Digital SRC. Besides a language and a formal semantics, a decision method based on analytic tableaux is also given. Analytic tableaux make it possible to reason about logical consequence, model generation and consistency of a formalised role-based security policy.

Keywords

Access Control, Modal Logic, Logical Consequence, Security Policy, Decision Method
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  1. Computer Laboratory, University of Cambridge, UK