1 / 22

An Algebra for Composing Access Control Policies (2002)

This paper introduces an algebra for composing access control policies to improve expressiveness and flexibility in authorization languages. The framework supports multiple policies, formal semantics, and policy composition. It outlines preliminary concepts, policy expressions, and operation definitions using closure, conjunction, scoping restriction, overriding, and more. Case examples from hospital and university settings are discussed, along with reasoning based on formal semantics and expressive analysis with respect to first-order logic. The paper concludes by highlighting the main contributions and proposing a modular approach for policy composition.

mmcdermott
Download Presentation

An Algebra for Composing Access Control Policies (2002)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. An Algebra for Composing AccessControl Policies(2002) Author: PIERO BONATTI, SABRINA DE CAPITANI DI, PIERANGELA SAMARATI Presenter: Siqing Du Date: 09-22-05

  2. Introduction • Increase expressiveness and flexibility of authorization languages • Supporting multiple polices in a single framework • Existing frameworks translate and merge different component policies into a single “program” (problems) • Policy composition framework • An algebra for combining security policies with formal semantics

  3. Characteristics of A Composition Framework • Heterogeneous policy support • Support for unknown policies • Controlled interface • Expressiveness • Support of different abstraction levels • Formal semantics

  4. An Algebra of Polices Preliminary Concepts • Authorization Term (s, o, a) {SxOxA} • A Policy is defined as a set of ground authorization terms (triples). • An authorization constraint language Lacon • A rule language Lrule • A semantic function closure p(Lrule) xp(SxOxA) --> p(SxOxA)

  5. Some simplification • Basic predicates, with at most three arguments, from distinct basic domains (S, A, O) • Hierarchical relationship within elements of a domain (s op s0) op={≥,≤,<,>,=} • Horn clauses

  6. Policy Expressions • Syntax (BNF) E: nonterminal policy expressions id: token type of policy identifiers T: template C: constructs describing Lacon R: constructs describing Lrule

  7. Operation Definition (1) • Environments e a partial mapping from policy identifiers to sets of ground authorizations • Addition (+) It merges two policies by returning their union.

  8. Operation Definition (2) • Conjunction (&)It merges two policies by returning their intersection. • Subtraction (-). It restricts a policy by eliminating all the accesses in a second policy.

  9. Operation Definition (3) • Closure (*) It closes a policy under a set of inference (derivation) rules. • Scoping restriction (ˆ) It restricts the application of a policy to a given set of subjects, objects, and actions. c: constraints : substitution

  10. Operation Definition (4) • Overriding (o). It replaces part of a policy with a corresponding fragment of a second policy. The portion to be replaced is specified by means of a third policy. for instance,

  11. Operation Definition (5) • Template (). It defines a partially specified policy that can be completed by supplying the parameters.

  12. Example1: Hospital • Three departments: Radiology, Surgery, Medicine • No access to the lab_tests data unless patient consent • Two divisions of Medical dept.: Cardiology and Oncology

  13. Example2 : University Laboratories • Student must be authorized by laboratory tutors (Smith, machine1,login) and department administration (cs101,cs-lab,login) • Forbidden to students blacklisted only a permission from provost can override

  14. Reasoning based on Formal Semantics

  15. Evaluating Policy Expressions • Translating algebraic expressions into equivalent logic programs (pe2lp) • In order to provide executable specifications compatible with different evaluation strategies. • pe2lp creates a distinct predicate symbol for each policy identifier and for each internal node in the syntax tree of the given algebraic expression. • Labeling an operator with a distinct integer. Formally, such extended expressions are called labeled policy expressions.

  16. Expressiveness Analysis with Respect to First-order Logic • The basic core of this algebra captures only a strict subset of FOL • Equivalence Let E be a policy expression, and F be a formula in L with one free variable x. We say that E and F are equivalent if and only if for all environments e defined for all free identifiers of E, and for all relations satisfy

  17. Evaluation with Respect to the Desiderata (1) • Heterogeneous policies can be supported either by exploiting the algebra constructs to represent the different policies or by referring to heterogeneous policies through policy identifiers then interpreted by means of wrappers. • Unknown policies are supported by means of policy identifiers that can remain unbound in the environment. • Interference of program rules and authorizations coming from different policies is controlled by restricting rule application to specific policies by means of the closure construct.

  18. Evaluation with Respect to the Desiderata (2) • Expressiveness is achieved by the different operators that easily allow the formulation of protection restrictions as illustrated in the examples and discussions contained herein. • Different abstraction levels are naturally supported by the component-based approach. • Formal semantics can be exploited to reason about properties of the specifications.

  19. Concluding Remarks • Main contributions: • Analyzed the problem of composing security policies in a modular and incremental fashion. • Identified six desiderata for policy composition framework • Proposed an algebra of security policies and a composition language. • Proposed an implementation approach based on logic programming and partial evaluation techniques. • Provided and extensive preliminary analysis of the algebra.

More Related