Published by Allan Vance. Modified over 10 years ago.
1
Access Control
A Meta-Model
Dennis Kafura – CS5204 – Operating Systems
2
Motivation

Goal: develop a general and semantically well-grounded model of access control from which specific access control systems can be expressed by specialization of the model’s elements.

Advantages:
- Explicates the fundamental principles of access control
- Provides a common basis for specifying access control and understanding the relationships among access control models
- Facilitates sharing of access control policy information across models
- Is the basis for developing policy languages with a solid semantic foundation

Steve Barker, King’s College London (Deceased: Jan 2012)
3
Fundamental Concepts

Elements (all countable sets):
- Categories, C, denoted c_0, c_1, …
- Principals, P, denoted p_0, p_1, …
- Actions, A, denoted a_0, a_1, …
- Resource identifiers, R, denoted r_0, r_1, …
- Situational identifiers, S, denoted s_0, s_1, …
- Event identifiers, E, denoted e_0, e_1, …

Meaning:
- Categories represent groups or classes sharing, for example, a common attribute, a similar level of trust, or the same security clearance.
- Principals are individuals or agents.
- Actions are operations that can be performed on Resources.
- Situations are contexts and Events are significant occurrences.
4
Fundamental Concepts

Relations
5
Fundamental Concepts

Meta-model, M, core axiom:

By choosing different definitions of pca, contains, and arca, the model M can be specialized to define different access control models.

[Figure: diagram relating (p), C, C’ and (a,r) through PCA and ARCA. Legend: (a,r) is a permission; (p,a,r) is an authorization.]
6
Defining the PCA Relation

Form

where P_i is a condition, L_i is a literal, and C_i is a constraint

Example

“Principals are assigned to the pref(erred) category if they are categorized as being loyal and their current account balance is greater than 1000 Euro (which causes them to be categorized as members of the goodbalance category).”
7
Defining the PCA Relation

Conditions and literals may also be defined “remotely” (by another authority), written as:

Example

“Principals that are categorized by having a clean driving license (CDL) according to the Driving Vehicle Licensing Authority database (dvla) or have preferred status (ps) are assigned to the “most-valued” customer (MVC) category.”
8
Specializing contains and par Relations

Hierarchical RBAC
- Each role is represented by a category
- The contains relation is defined as a partial order between pairs of categories (roles)
- The RBAC model can then be expressed as:

Note: this is just the core axiom for a particular interpretation of categories and containment
9
Specializing contains and par Relations

The Bell-LaPadula (multilevel security) model

Relations
- The categories are interpreted as security levels (e.g., public, classified, secret, top secret)
- The contains relation is an ordering of categories consistent with the notion of security level (e.g., contains(top secret, secret)).
- The par relation is defined as:

The first rule is “no read up” and the second is “write at same level”
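The core axiom and its hierarchical RBAC and Bell-LaPadula specializations (slides 5, 8 and 9), as an added example that is not part of the original slides. The axiom's form (par obtained by joining pca, contains and arca) is assumed from the relation names and the slide 5 diagram, since the formulas themselves did not survive; the function names and all principals, roles and resources are constructed.

```python
from itertools import product

def closure(edges, cats):
    """Reflexive-transitive closure of direct (container, contained) pairs."""
    rel = {(c, c) for c in cats} | set(edges)
    while True:
        new = {(a, d) for (a, b), (c, d) in product(rel, rel) if b == c} - rel
        if not new:
            return rel
        rel |= new

def par_core(pca, contains, arca):
    """Assumed core axiom: p is in c, c contains c2, and (a, r) is assigned to c2."""
    return {(p, a, r) for (p, c) in pca for (c1, c2) in contains if c1 == c
            for (a, r, c3) in arca if c3 == c2}

def par_blp(pca, contains, arca):
    """Slide 9 as described: reads follow containment, writes need the same level."""
    reads = {t for t in par_core(pca, contains, arca) if t[1] == "read"}
    writes = {(p, a, r) for (p, c) in pca for (a, r, c2) in arca
              if a == "write" and c2 == c}
    return reads | writes

# Constructed hierarchical RBAC instance: categories are roles.
ROLES = {"manager", "clerk", "auditor"}
RBAC = par_core(
    pca={("alice", "manager"), ("bob", "clerk"), ("carol", "auditor")},
    contains=closure({("manager", "clerk")}, ROLES),
    arca={("read", "ledger", "clerk"), ("approve", "invoice", "manager"),
          ("read", "audit_log", "auditor")},
)

# Constructed multilevel instance: categories are security levels.
LEVELS = ["top secret", "secret", "classified", "public"]
BLP = par_blp(
    pca={("dana", "secret")},
    contains=closure(set(zip(LEVELS, LEVELS[1:])), set(LEVELS)),
    arca={(a, r, lvl) for a in ("read", "write")
          for r, lvl in (("plan", "top secret"), ("memo", "secret"), ("faq", "public"))},
)

if __name__ == "__main__":
    for name, rel in (("RBAC", RBAC), ("BLP", BLP)):
        print(name, sorted(rel))
```

Only the definitions of pca, contains and arca differ between the two instances; the join in `par_core` is shared, which is the point of the meta-model.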
10
Specializing the arca Relation

Example:

Policy:
- A principal’s request to buy gold is permitted provided that the amount of gold requested is not greater than the current stock level recorded in v1.
- In a gold market that is currently categorized as “volatile”, according to the source v2, a principal is permitted to buy a maximum of 50 units of gold.
- All principals are permitted provided that the principal is not in the “debtor” category

Rules:
11
Other Expressions

Time dependent expressions
- For a time interval [T_start, T_stop]
- Relations may be defined as and
12
Other Expressions

Trust third-party claims (aka, certificates)
- A claim/certificate issued by v can be expressed as

Composition
- The authorizations of two models can be combined as

Inconsistencies
- Single assignment:
- Separation of duties:
- Prerequisites:

Note: me(C,C’) means mutually exclusive.
13
Examples

Example
No principal that v_1 says is a debtor can be given anything other than unclassified clearance by v_2

Example
A resource may not be read more than once per day (useful to satisfy Principle of Least Privilege) by a given principal
14
Practical Benefits

- Facilitates sharing of access control information
  - Across applications
  - Across models
- Aids policy administrators/authors
  - Via specialization of general axioms
  - Rapid prototyping of access control policies
- Supports development of policy languages
  - Various syntaxes built on top of precise semantics
  - E.g., can be represented in RuleML