research-article

D-algebra for composing access control policy decisions

Authors:

Jorge LoboAuthors Info & Claims

ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

Pages 298 - 309

https://doi.org/10.1145/1533057.1533097

Published: 10 March 2009 Publication History

Abstract

This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of policy languages decision mechanisms, and the development of tools for policy authoring and enforcement.

References

[1]

P. Ashley, S. Hada, G. Karjoth, and M. Schunter. E-p3p privacy policies and privacy authorization. In WPES, pages 103--109, 2002.

Digital Library

[2]

M. Backes, M. Dürmuth, and R. Steinwandt. An algebra for composing enterprise privacy policies. In P. Samarati, P. Y. A. Ryan, D. Gollmann, and R. Molva, editors, ESORICS, volume 3193 of Lecture Notes in Computer Science, pages 33--52. Springer, 2004.

[3]

M. Backes, B. Pfitzmann, and M. Schunter. A toolkit for managing enterprise privacy policies. In E. Snekkenes and D. Gollmann, editors, ESORICS, volume 2808 of Lecture Notes in Computer Science, pages 162--180. Springer, 2003.

[4]

A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. In SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pages 184--198, Washington, DC, USA, 2006. IEEE Computer Society.

Digital Library

[5]

P. A. Bonatti, S. D. C. di Vimercati, and P. Samarati. A modular approach to composing access control policies. In ACM Conference on Computer and Communications Security, pages 164--173, 2000.

Digital Library

[6]

P. A. Bonatti, S. D. C. di Vimercati, and P. Samarati. An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur., 5(1):1--35, 2002.

Digital Library

[7]

G. Bruns, D. S. Dantas, and M. Huth. A simple and expressive semantic framework for policy composition in access control. In P. Ning, V. Atluri, V. D. Gligor, and H. Mantel, editors, FMSE, pages 12--21. ACM, 2007.

Digital Library

[8]

G. Bruns and M. Huth. Access-control policies via belnap logic: Effective and efficient composition and analysis. In CSF, pages 163--176. IEEE Computer Society, 2008.

Digital Library

[9]

C. C. Chang. Algebraic analysis of many valued logics. Transactions of the American Mathematical Society, 88(2):467--490, jul 1958.

[10]

C. C. Chang. A new proof of the completeness of the lukasiewicz axioms. Transactions of the American Mathematical Society, 93(1):74--80, 1959.

[11]

M. Fitting. Kleene's logic, generalized. J. Log. Comput., 1(6):797--810, 1991.

[12]

R. L. Graham. On n-valued functionally complete truth functions. The Journal of Symbolic Logic, 32(2):190--195, 1967.

[13]

W. H. Jobe. Functional completeness and canonical forms in many-valued logics. The Journal of Symbolic Logic, 27(4):409--422, 1962.

[14]

J. Lukasiewicz. O logice trojwartosciowej. Ruch filozoficzny, 5:170--171, 1920.

[15]

J. Lukasiewicz. Aristotle's Syllogistic from the Standpoint of Modern Formal Logic. Garland Pub., New York, USA, first edition, 1987.

[16]

N. M. Martin. The sheffer functions of 3-valued logic. The Journal of Symbolic Logic, 19(1):45--51, 1954.

[17]

R. McNaughton. A theorem about infinite-valued sentential logic. The Journal of Symbolic Logic, 16(1):1--13, 1951.

[18]

OASIS. eXtensible Access Control Markup Language (XACML) 2.0. Available at http://www.oasis-open.org/.

[19]

D. Raub and R. Steinwandt. An algebra for enterprise privacy policies closed under composition and conjunction. In ETRICS, pages 130--144, 2006.

Digital Library

[20]

A. Rose and J. B. Rosser. Fragments of many-valued statement calculi. Transactions of the American Mathematical Society, 87(1):1--53, 1958.

[21]

J. B. Rosser and A. R. Turquette. Many-Valued Logics. North-Holland Publishing Co., Amsterdam, Netherland, first edition, 1952.

[22]

D. Wijesekera and S. Jajodia. Policy algebras for access control: the propositional case. In ACM Conference on Computer and Communications Security, pages 38--47, 2001.

Digital Library

[23]

D. Wijesekera and S. Jajodia. A propositional policy algebra for access control. ACM Trans. Inf. Syst. Secur., 6(2):286--325, 2003.

Digital Library

Cited By

Bertolissi CFernández MDietrich SChowdhury OTakabi D(2022)Modular Composition of Access Control Policies: A Framework to Build Multi-Site Multi-Level CombinationsProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535043(7-18)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535043
Qiu JTian ZDu CZuo QSu SFang B(2020)A Survey on Access Control in the Age of Internet of ThingsIEEE Internet of Things Journal10.1109/JIOT.2020.29693267:6(4682-4696)Online publication date: Jun-2020
https://doi.org/10.1109/JIOT.2020.2969326
Putnam CHanschke CTodd JGemmell JKollia M(2019)Interactive Technologies Designed for Children with AutismACM Transactions on Accessible Computing10.1145/334228512:3(1-37)Online publication date: 12-Sep-2019
https://dl.acm.org/doi/10.1145/3342285
Show More Cited By

Index Terms

D-algebra for composing access control policy decisions
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

An algebra for composing access control policies

Despite considerable advancements in the area of access control and authorization languages, current approaches to enforcing access control are all based on monolithic and complete specifications. This assumption is too restrictive when access control ...
A propositional policy algebra for access control

Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources,...
Policy algebras for access control: the propositional case
CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

Although different organizations operate under different requirements for protection of their data, increasingly there is a need for organizations to connect their computing resources together to achieve common goals. The fundamental problem addressed ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

March 2009

408 pages

ISBN:9781605583945

DOI:10.1145/1533057

General Chairs:
Wanqing Li
University of Wollongong, Australia
,
Willy Susilo
University of Wollongong, Australia
,
Udaya Tupakula
Macquarie University, Australia
,
Program Chairs:
Rei Safavi-Naini
University of Calgary, Canada
,
Vijay Varadharajan
Macquarie University, Australia

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

Asia CCS 09

Sponsor:

SIGSAC

Asia CCS 09: Asia CCS 2009 ACM Symposium on Information, Computer and Communications Security

March 10 - 12, 2009

Sydney, Australia

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

44
Total Citations
View Citations
456
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bertolissi CFernández MDietrich SChowdhury OTakabi D(2022)Modular Composition of Access Control Policies: A Framework to Build Multi-Site Multi-Level CombinationsProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535043(7-18)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535043
Qiu JTian ZDu CZuo QSu SFang B(2020)A Survey on Access Control in the Age of Internet of ThingsIEEE Internet of Things Journal10.1109/JIOT.2020.29693267:6(4682-4696)Online publication date: Jun-2020
https://doi.org/10.1109/JIOT.2020.2969326
Putnam CHanschke CTodd JGemmell JKollia M(2019)Interactive Technologies Designed for Children with AutismACM Transactions on Accessible Computing10.1145/334228512:3(1-37)Online publication date: 12-Sep-2019
https://dl.acm.org/doi/10.1145/3342285
Wu CBuyya RRamamohanarao K(2019)Cloud Pricing ModelsACM Computing Surveys10.1145/334210352:6(1-36)Online publication date: 16-Oct-2019
https://dl.acm.org/doi/10.1145/3342103
Li FLi ZHan WWu TChen LGuo YChen J(2019)Cyberspace-Oriented Access Control: A Cyberspace Characteristics-Based Model and its PoliciesIEEE Internet of Things Journal10.1109/JIOT.2018.28390656:2(1471-1483)Online publication date: Apr-2019
https://doi.org/10.1109/JIOT.2018.2839065
Crampton JWilliams CAhn GPretschner AGhinita G(2017)Canonical Completeness in Lattice-Based Languages for Attribute-Based Access ControlProceedings of the Seventh ACM on Conference on Data and Application Security and Privacy10.1145/3029806.3029808(47-58)Online publication date: 22-Mar-2017
https://dl.acm.org/doi/10.1145/3029806.3029808
Li FLi ZHan WWu TChen LGuo Y(2017)Cyberspace-Oriented Access Control: Model and Policies2017 IEEE Second International Conference on Data Science in Cyberspace (DSC)10.1109/DSC.2017.100(261-266)Online publication date: Jun-2017
https://doi.org/10.1109/DSC.2017.100
(2017)Formal specification and integration of distributed security policiesComputer Languages, Systems and Structures10.1016/j.cl.2016.12.00449:C(1-35)Online publication date: 1-Sep-2017
https://dl.acm.org/doi/10.1016/j.cl.2016.12.004
Crampton JWilliams CWang XBauer LKerschbaum F(2016)On Completeness in Languages for Attribute-Based Access ControlProceedings of the 21st ACM on Symposium on Access Control Models and Technologies10.1145/2914642.2914654(149-160)Online publication date: 6-Jun-2016
https://dl.acm.org/doi/10.1145/2914642.2914654
Li THankin C(2015)A model-based approach to interdependency between safety and security in ICSProceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research10.14236/ewic/ICS2015.4(31-41)Online publication date: 17-Sep-2015
https://dl.acm.org/doi/10.14236/ewic/ICS2015.4
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents