Download presentation
Presentation is loading. Please wait.
Published byJennifer Brewer Modified over 11 years ago
1
Flexible access control policy specification with constraint logic programming Steve Barker, Peter J. Stuckey Presenter: Vijayant Dhankhar
2
2 Outline Introduction and Motivation Other Proposed Approaches Constrained Logic Programming Intro. RBAC SFK Model and ESFK Results Conclusion
3
3 Introduction Access control policies have been limited in expressive power Allow simple types of access policy to be defined for protecting simple types of information systems. Goal: flexibly represent access policies for protecting the increasingly diverse and complex types of systems
4
4 Access Control Policies Closed – positive authorizations Open – negative authorizations Hybrid – both Temporal - specify an interval of time for which an authorization is to hold Conflict Resolution Strategy resolve the inconsistent authorizations by specifying which of the authorizations in a conflicting pair ought to hold
5
5 Candidate Approaches Simple Solution: Turing complete language Special Purpose languages: temporal authorization language High-level declarative language: PROLOG
6
6 Approach (LP vs. CLP) conciseness of specification easily understandable strong technical results that enable properties of a policy to be proved enable certain policies to be formulated that cannot be satisfactorily represented in LP efficiency uninstantiated arithmetic variables
7
7 CLP primitive constraint [ p(t 1 … t n ) ; arity = n ] constraint –conjunction of primitive constraints c 1 ^ c 2 ^ …. ^ c k equational constraints t1 = t2 or t1 t2 (eg. User = Fred) constraints over nonnegative integers T = 3 or X > Y or Y = (Z ÷ 1000)
8
8 CLP cont literal –primitive constraint –atom User Defined Predicate Symbol –p(t 1,…,t n ) goal sequence of literals L 1 ^ …. ^ L m rule H L 1 ^ …. ^ L k or [ ] Head: H; Body: L 1 ^ …. ^ L k If k=0 then Rule is a Fact
9
9 CLP cont constraint logic program ( ) is a finite set of rules definite program no negative literals could be cyclic stratified program allows negative literals no cycle with negative edge recursion free programs allow negative literal no cycles terminate
10
10 CLP cont definition of n-place predicate symbol in logic program »Where Bi is rule of form Clark Completion * Conjunction of definitions of user defined predicates in Solver solv: C Bool
11
11 Operational Semantics State G: current literal or Goal C: current constraint Reduction for Definite Programs
12
12 Operational Semantics Cont Reduction with Negation Constructive Negation Negation as Failure
13
13 RBAC SFK Models
14
14 SFK Model Domain: A set U of user identifiers A set O of object identifiers A set A of access privilege identifiers A set R of role identifiers Relations: AUTHORIZATION U x A x O PERMISSION A x O URA U x R PRA A x O x R DRA A x O x R ACTIVE U x R
15
15 Primitive Predicates in Model
16
16 Representing RBAC Programs Role Hierarchies in RBAC Programs –DS: irreflexive and intransitive hence acyclic –senior_to: represented as Facts (finite/non recursive) NOTE: set of n 2 Facts at worst
17
17 Representing RBAC Programs Sessions –appending an activate(u i, r j ) fact. –RULE: (active(U, R) activate(U, R)) –deactivates a role R1 by retracting the appropriate activate fact User-Role Review: –to extract information about the access policy the program represents
18
18 Representing RBAC Programs Authorized Access permitted assumes that the activation by U of R1 also activates all roles that are junior to R1 Activation policy [check active(U, R2)]
19
19 Beyond RBAC Programs Denial Role Assignments –Authorization expressed in terms of pra dra senior_to, etc. –Various policies implementable Object Hierarchies irreflexive-intransitive DI reflexive transitive INCLUDES
20
20 Beyond RBAC Programs Inheritance Policies –permission inheritance path –denial inheritance path
21
21 Beyond RBAC Programs Defining Authorized Access
22
22 Separation of Duties (RBAC C3A ) SSD R x R DSD R x R
23
23 Permission Role Review (RBAC S4A ) To extend RBAC C3A programs to RBAC S4A programs, permission-role and denial-role reviews must be supported. –pra queries –dra queries
24
24 Temporal Authorizations enable a SA to specify that user access to a data item for a restricted interval of time Paper considers RBAC H2A an extra argument is added to the ura, pra, and dra predicates
25
25 Temporal Authorizations Authorized Denied
26
26 Representing Time Discrete time points (natural numbers) –constraint predicates
27
27 Temporal RBAC Examples URA PRA DRA
28
28 Temporal RBAC Derivation Rules –Example or NONSTRATIFIED – paper claims it terminates
29
29 Access Control Evaluation Using Operational Semantics for CLP –Example: Jo requests write access on o1 on 2001/03/02, and active role r2
30
30 Results
31
31 Results (Separation of Duties)
32
32 Administrative Queries Example: Query: Answer:
33
33 Performance Measures 53 role RBAC H2A role hierarchy (a total of 312 senior to facts) 530 users and 497 objects. 650 ura rules, 1092 dra rules, and 1185 pra rules simple solver (LP), constraint solving specialized(CLP)
34
34 Future Work In future work we want to consider how other forms of limitation on access –accessing objects only at certain locations –from certain machines –etc.
35
35 Conclusions Could be easily extended to do Administrative RBAC (predicate admin_scope etc..). Use of Negation as Failure instead of Constructive Negation. –Administrative Queries with negation –Not as expressive in policy (can not create new bindings for query variables)
36
36 Conclusions Cont No restrictions specified to make the program Stratified or Recursion Free. –In case of derivations, 3 valued to 2 valued consequence (does it hold?). [Ura(…) L1 ^ not Ura(…)] History based constraints should be added to ESFK model. –Help in modeling states in Temporal RBAC
37
37 Conclusions Cont SA does Administration of rules? –User does Activate (ui, rj) fact.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.