research-article

Fine-Grained Access Control via Policy-Carrying Data

Authors:

Julian A. Padget,

Wamberto W. VasconcelosAuthors Info & Claims

ACM Transactions on Internet Technology (TOIT), Volume 18, Issue 3

Article No.: 31, Pages 1 - 24

https://doi.org/10.1145/3133324

Published: 05 February 2018 Publication History

Abstract

We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multi-agent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee’s bill of rights for the internet, through human-readable but machine-processable access control policies.

References

[1]

Huib Aldewereld, Virginia Dignum, and Wamberto W. Vasconcelos. 2016. Group norms for multi-agent organisations. ACM Trans. Auton. Adapt. Syst. 11, 2 (2016), 15:1--15:31.

Digital Library

[2]

Ross J. Anderson. 2001. Security Engineering: A Guide to Building Dependable Distributed Systems (1st ed.). John Wiley 8 Sons, New York, NY.

Digital Library

[3]

Giulia Andrighetto, Guido Governatori, Pablo Noriega, and Leendert W. N. van der Torre (Eds.). 2013. Normative Multi-Agent Systems. Dagstuhl Follow-Ups, Vol. 4. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany. i--xi.

[4]

Krzysztof R. Apt. 1997. From Logic Programming to Prolog. Prentice Hall, London.

Digital Library

[5]

Tina Balke, Marina De Vos, and Julian A. Padget. 2013. Evaluating the cost of enforcement by agent-based simulation: A wireless mobile grid example, See Boella et al. (2013).

[6]

David Basin, Felix Klaedtke, Srdjan Marinovic, and Eugen Zălinescu. 2013. Monitoring compliance policies over incomplete and disagreeing logs. In Runtime Verification. LNCS, Vol. 7687. Springer.

[7]

David Basin, Felix Klaedtke, and Samuel Müller. 2010. Policy monitoring in first-order temporal logic. In Proceedings of the 22nd International Conference on Computer Aided Verification (CAV’10). LNCS, Vol. 6141. Springer Verlag, 1--18.

Digital Library

[8]

Tim Berners-Lee. 1999. Weaving the Web: The Past, Present and Future of the World Wide Web by its Inventor. Orion Business.

Digital Library

[9]

Bruce J. Biddle. 1979. Role Theory. Academic Press, San Diego.

[10]

Guido Boella, Edith Elkind, Bastin Tony Roy Savarimuthu, Frank Dignum, and Martin K. Purvis (Eds.). 2013. Proceedings of the Principles 8 Practice of Multi-Agent Systems (PRIMA’13). LNCS, Vol. 8291. Springer.

[11]

Guido Boella and Leendert van der Torre. 2003. Permissions and obligations in hierarchical normative systems. In Proceedings of the 9th International Conference on A.I. and Law (ICAIL’03). ACM, 109--118.

Digital Library

[12]

Laura Brandimarte, Alessandro Acquisti, and George Loewenstein. 2013. Misplaced confidences: Privacy and the control paradox. Soc. Psychol. Pers. Sci. 4, 3 (2013), 340--347.

[13]

Bruce G. Buchanan and Richard O. Duda. 1983. Principles of rule-based expert systems. In Advances in Computers, Vol. 22, Marshall C. Yovits (Ed.). Elsevier, 163--216.

[14]

Claudio Castellini. 2005. Automated Reasoning in Quantified Modal and Temporal Logics. Ph.D. Dissertation. School of Informatics, University of Edinburgh.

[15]

Samuel R. Cauvin, Martin J. Kollingbaum, Derek Sleeman, and Wamberto W. Vasconcelos. 2016. Towards a Distributed Data-Sharing Economy. In Proceedings of theInternationalWorkshop on Coordination, Organizations, Institutions and Norms (COIN@ECAI’16). (2016).

[16]

Yuan Cheng, Jaehong Park, and Ravi S. Sandhu. 2012. A user-to-user relationship-based access control model for online social networks. In 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXVI(DBSec’12), Nora Cuppens-Boulahia, Frédéric Cuppens, and Joaquín García-Alfaro (Eds.). LNCS, Vol. 7371. Springer, 8--24.

Digital Library

[17]

Owen Cliffe. 2007. Specifying and Analysing Institutions in Multi-agent Systems Using Answer Set Programming. Ph.D. Dissertation. University of Bath.

[18]

Owen Cliffe, Marina De Vos, and Julian A. Padget. 2005. Specifying and analysing agent-based social institutions using answer set programming. In Agents, Norms and Institutions for Regulated Multi-Agent Systems (ANIREM’05) and Organizations in Multi-Agent Systems (OOOP’05), Revised Selected Papers. LNCS, Vol. 3913.Olivier Boissier, Julian A. Padget, Virginia Dignum, Gabriela Lindemann, Eric T. Matson, Sascha Ossowski, Jaime Simão Sichman, and Javier Vázquez-Salceda (Eds.). Springer, 99--113.

Digital Library

[19]

Murat Şensoy, Timothy J. Norman, Wamberto W. Vasconcelos, and Katia Sycara. 2012. OWL-POLAR: A framework for semantic policy representation and reasoning. Journal of Web Semantics 12 (2012), 148--160.

Digital Library

[20]

David Ferraiolo, Vijayalakshmi Atluri, and Serban Gavrila. 2011. The policy machine: A novel architecture and framework for access control policy specification and enforcement. Journal of Systems Architecture - Embedded Systems Design 57, 4 (2011), 412--424.

Digital Library

[21]

Michael Fisher. 2006. METATEM: The story so far. In Proceedings of the of 3rd International Conference on Programming Multi-Agent Systems (ProMAS’05). LNAI, Vol. 3862. Springer-Verlag, 3--22.

Digital Library

[22]

Melvin Fitting. 1996. First-Order Logic and Automated Theorem Proving (2nd ed.). Springer-Verlag, New York, NY.

Digital Library

[23]

Andrés García-Camino, Juan A. Rodríguez-Aguilar, Carles Sierra, and Wamberto W. Vasconcelos. 2009. Constraint rule-based programming of norms for electronic institutions. Auton. Agents Multi-Agent Syst. 18, 1 (2009), 186--217.

Digital Library

[24]

Michael Gelfond and Vladimir Lifschitz. 1998. Action languages. Electron. Trans. Artif. Intell. 2, 3--4 (1998), 193--210. http://www.ep.liu.se/ej/etai/1998/007/.

[25]

Guido Governatori, Francesco Olivieri, Antonino Rotolo, and Simone Scannapieco. 2013. Computing strong and weak permissions in defeasible logic. J. Philos. Logic 42, 6 (2013), 799--829. http://www.jstor.org/stable/42001261.

[26]

Marit Hansen. 2012. Top 10 mistakes in system design from a privacy perspective and privacy protection goals. In Privacy and Identity Management for Life. IFIP Adv. in Inf. 8 Comm. Techn., Vol. 375. Springer, 14--31.

[27]

Luke Hopton, Owen Cliffe, Marina De Vos, and Julian A. Padget. 2009. AQL: A query language for action domains modelled using answer set programming, Esra Erdem, Fangzhen Lin, and Torsten Schaub (Eds.). LNCS, Vol. 5753. Springer.

Digital Library

[28]

Investigatory Powers Bill 2016. UK Legislation. Retrieved February 27, 2017 from http://www.legislation.gov.uk/id?title=Investigatory+Powers+Act+2016.

[29]

Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, and V. S. Subrahmanian. 2001. Flexible support for multiple access control policies. ACM Trans. Database Syst. 26, 2 (June 2001), 214--260.

Digital Library

[30]

John R. Searle. 1995. The Construction of Social Reality. Allen Lane, Penguin Press.

[31]

Andrew J. I. Jones and Marek J. Sergot. 1996. A formal characterisation of institutionalised power. Logic J. IGPL 4, 3 (1996), 427--443.

[32]

Günter Karjoth, Matthias Schunter, and Michael Waidner. 2003. Platform for enterprise privacy practices: Privacy-enabled management of customer data. In Proceedings of the 2nd International Conference on Privacy-enhancing Technologies (PET’02). Springer.

Digital Library

[33]

Thomas Christopher King, Tingting Li, Marina De Vos, Virginia Dignum, Catholijn M. Jonker, Julian Padget, and M. Birna van Riemsdijk. 2015. A framework for institutions governing institutions. In Proceedings of the International Conference on Autonomous Agents 8 Multiagent Systems (AAMAS’15). 473--481. http://dl.acm.org/citation.cfm?id=2772940.

Digital Library

[34]

Jemima Kiss. 2014. An online Magna Carta: Berners-Lee calls for bill of rights for web. Web content. Retreived December 18, 2017 from http://www.theguardian.com/technology/2014/mar/12/online-magna-carta-berners-lee-web.

[35]

Robert A. Kowalski and Marek J. Sergot. 1986. A logic-based calculus of events. New Gener. Comput. 4, 1 (1986), 67--95.

Digital Library

[36]

Tingting Li, Tina Balke, Marina De Vos, Julian A. Padget, and Ken Satoh. 2013. A model-based approach to the automatic revision of secondary legislation. In Proceedings of the International Conference on Artificial Intelligence and Law, Enrico Francesconi and Bart Verheij (Eds.). ACM, 202--206.

Digital Library

[37]

Bernard Litaer. 2002. The Future of Money: Creating New Wealth, Work and a Wiser World. Century.

[38]

Alberto Martelli and Ugo Montanari. 1982. An efficient unification algorithm. ACM Trans. Program. Lang. Syst. 4, 2 (April 1982), 258--282. 0164-0925

Digital Library

[39]

Paul McNamara. 2006. Deontic logic. In Logic and the Modalities in the Twentieth Century. Vol. 7. North-Holland.

[40]

Felipe Meneguzzi, Odinaldo Rodrigues, Nir Oren, Wamberto W. Vasconcelos, and Michael Luck. 2015. BDI reasoning with normative considerations. Eng. App. Art. Int. 43 (2015), 127--146.

Digital Library

[41]

John-Jules C. Meyer, Frank P. M. Dignum, and Roel J. Wieringa. 1994. The Paradoxes of Deontic Logic Revisited: A Computer Science Perspective. Technical Report UU-CS-1994-38. University of Utrecht, Utrecht.

[42]

John-Jules C. Meyer and Roel. J. Wieringa. 1993. Applications of deontic logic in computer science: A concise overview. In Deontic Logic in Computer Science: Normative System Specification. John Wiley 8 Sons.

Digital Library

[43]

Douglass C. North. 1990. Institutions, Institutional Change and Economic Performance. Cambridge University Press.

[44]

Elinor Ostrom. 2005. Understanding Institutional Diversity. Princeton University Press.

[45]

P3P 2006. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. World Wide Web Consortium (W3C). Retrieved February 27, 2017 from https://www.w3.org/TR/P3P11/.

[46]

Julian Padget, Emad ElDeen Elakehal, Tingting Li, and Marina De Vos. 2016. InstAL: An Institutional Action Language. Springer International, 101--124.

[47]

Julian Padget and Wamberto W. Vasconcelos. 2015. Policy-carrying data: A step towards transparent data sharing. Proc. Comput. Sci. 52 (2015), 59--66.

[48]

Wolter Pieters, Julian Padget, Francien Dechesne, Virginia Dignum, and Huib Aldewereld. 2015. Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications 22 (2015), 3--16.

Digital Library

[49]

Javier Pinto and Raymond Reiter. 1995. Reasoning about time in the situation calculus. Ann. Math. Artif. Intell. 14, 2--4 (1995), 251--268.

[50]

Raymond Reiter. 1978. On closed world databases. In Logic and Databases. Plenum Press, NY.

[51]

Stefan Sackmann and Martin Kähmer. 2008. ExPDT: A policy-based approach for automating compliance. Wirtschafts./Angew. Inf. 50 (2008), 366--374. Issue 5.

[52]

Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. 1996. Role-based access control models. Computer 29, 2 (Feb. 1996), 38--47.

Digital Library

[53]

Stefan Saroiu, Alec Wolman, and Sharad Agarwal. 2015. Policy-carrying data: A privacy abstraction for attaching terms of service to mobile data. In Proceedings of the International Workshop on Mobile Computing Systems and Applications(HotMobile’15). ACM Press.

Digital Library

[54]

Bastin Tony Roy Savarimuthu, Julian Padget, and Maryam Purvis. 2013. Social norm recommendation for virtual agent societies, See Boella et al. (2013), 308--323.

[55]

Vivy Suhendra. 2011. A survey on access control deployment. In Security Technol. Comm. in Comp. 8 Inf. Science, Vol. 259. Springer.

[56]

Matthew Thompson, Julian Padget, and Steve Battle. 2015. Governing narrative events with institutional norms. In Proceedings of the 6th Workshop on Computational Models of Narrative (CMN’15), Mark A. Finlayson, Ben Miller, Antonio Lieto, and Rémi Ronfard (Eds.). OASICS, Vol. 45. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 142--151.

[57]

Gianluca Tonti, Jeffrey M. Bradshaw, Renia Jeffers, Rebecca Montanari, Niranjan Suri, and Andrzej Uszok. 2003. Semantic web languages for policy representation and reasoning: A comparison of KAoS, Rei, and Ponder. In Proceedings of the IEEE International Symposium on Wearable Computers (ISWC’03). LNCS, Vol. 2870. Springer.

Digital Library

[58]

Ralph H. Turner. 2001. Role Theory. Springer, Boston, MA, 233--254.

[59]

Sarah Underwood. 2016. Blockchain beyond bitcoin. Commun. ACM 59, 11 (Oct. 2016), 15--17.

Digital Library

[60]

Wamberto Weber Vasconcelos, Andrés García-Camino, Dorian Gaertner, Juan A. Rodríguez-Aguilar, and Pablo Noriega. 2012. Distributed norm management for multi-agent systems. Expert Syst. Appl. 39, 5 (2012), 5990--5999.

Digital Library

[61]

Wamberto W. Vasconcelos, Martin J. Kollingbaum, and Timothy J. Norman. 2009. Normative conflict resolution in multi-agent systems. Auton. Agents Multi-Agent Syst. 19, 2 (2009), 124--152.

Digital Library

[62]

Georg H. von Wright. 1951. Deontic logic. Mind 60, 237 (1951), 1--15.

[63]

Xiaoguang Wang, Qi Yong, Yuehua Dai, Jianbao Ren, and Zhang Hang. 2013. Protecting outsourced data privacy with lifelong policy carrying. In IEEE International Conferences on High Performance Computing and Communications and Embedded and Ubiquitous Computing (HPCC-EUC’13).

Cited By

Ragothaman KWang YRimal BLawrence M(2023)Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future DirectionsSensors10.3390/s2304180523:4(1805)Online publication date: 6-Feb-2023
https://doi.org/10.3390/s23041805
Peng JZhou HMeng QYang J(2020)Big data security access control algorithm based on memory index acceleration in WSNsEURASIP Journal on Wireless Communications and Networking10.1186/s13638-020-01725-12020:1Online publication date: 7-May-2020
https://dl.acm.org/doi/10.1186/s13638-020-01725-1
Cauvin SOren NVasconcelos WBlitza E(2019)Policies to Regulate Distributed Data ExchangeAuswirkungen des Meeresspiegelanstiegs auf maritime Grenzen10.1007/978-3-030-17294-7_11(146-161)Online publication date: 4-Apr-2019
https://doi.org/10.1007/978-3-030-17294-7_11

Index Terms

Fine-Grained Access Control via Policy-Carrying Data
1. Security and privacy
  1. Database and storage security
    1. Information accountability and usage control
  2. Formal methods and theory of security
    1. Formal security models
    2. Logic and verification
2. Theory of computation
  1. Logic
    1. Modal and temporal logics

Recommendations

Fine-grained access control for cloud computing

Fine-grained access control schemes are commonly used in cloud computing. In this type of schemes, each data item is given its own access control policy. The entity that wants to access the data item needs to provide its credentials to a policy ...
Combined access control model embedding configurable policy for fine-grained data security
Abstract
With the wide applications of the Internet of Things, a lot of business data is generated by mobile embedded devices, and traditional data access control faces the new security risk. To enforce security and privacy requirements of information, ...
Access control policy management

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Internet Technology

ACM Transactions on Internet Technology Volume 18, Issue 3

Special Issue on Artificial Intelligence for Secruity and Privacy and Regular Papers

August 2018

314 pages

ISSN:1533-5399

EISSN:1557-6051

DOI:10.1145/3185332

Editor:
Munindar P. Singh
Department of Computer Science, North Carolina State University

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 February 2018

Accepted: 01 August 2017

Revised: 01 August 2017

Received: 01 October 2016

Published in TOIT Volume 18, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Scrutable Autonomous Systems
Engineering and Physical Sciences Research Council (EPSRC, UK)

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
279
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)1

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ragothaman KWang YRimal BLawrence M(2023)Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future DirectionsSensors10.3390/s2304180523:4(1805)Online publication date: 6-Feb-2023
https://doi.org/10.3390/s23041805
Peng JZhou HMeng QYang J(2020)Big data security access control algorithm based on memory index acceleration in WSNsEURASIP Journal on Wireless Communications and Networking10.1186/s13638-020-01725-12020:1Online publication date: 7-May-2020
https://dl.acm.org/doi/10.1186/s13638-020-01725-1
Cauvin SOren NVasconcelos WBlitza E(2019)Policies to Regulate Distributed Data ExchangeAuswirkungen des Meeresspiegelanstiegs auf maritime Grenzen10.1007/978-3-030-17294-7_11(146-161)Online publication date: 4-Apr-2019
https://doi.org/10.1007/978-3-030-17294-7_11

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents