Model-checking access control policies

Dimitar Guelev; Mark Ryan; Pierre-Yves Schobbens

doi:10.1007/978-3-540-30144-8_19

Model-checking access control policies

Dimitar Guelev, Mark Ryan, Pierre-Yves Schobbens

Faculte d'informatique

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Article dans les actes d'une conférence/un colloque

Résumé

We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the root-bottleneck problem. We present a language for describing goals of agents; these goals are typically to read or write the values of some resources. We describe a decision procedure which determines whether a given coalition of agents has the means (possibly indirectly) to achieve its goal. We argue that this question is decidable in the situation of the potential intruders acting in parallel with legitimate users and taking whatever temporary opportunities the actions of the legitimate users present. Our technique can also be used to synthesise finite access control systems, from an appropriately formulated logical theory describing a high-level policy.

langue originale	Anglais
titre	Information Security
Sous-titre	ISC 2004
rédacteurs en chef	K. Zhang, Y. Zheng
Lieu de publication	Berlin
Editeur	Springer
Pages	219-230
Nombre de pages	12
ISBN (Electronique)	978-3-540-30144-8
ISBN (imprimé)	978-3-540-23208-7
Les DOIs	https://doi.org/10.1007/978-3-540-30144-8_19
Etat de la publication	Publié - 2004

Série de publications

Nom	Lecture Notes in Computer Science
Editeur	Springer
Volume	3225

Accès au document

10.1007/978-3-540-30144-8_19

Contient cette citation

@inproceedings{f946dfc655c8430b89db78122ce6b214,

title = "Model-checking access control policies",

abstract = "We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the root-bottleneck problem. We present a language for describing goals of agents; these goals are typically to read or write the values of some resources. We describe a decision procedure which determines whether a given coalition of agents has the means (possibly indirectly) to achieve its goal. We argue that this question is decidable in the situation of the potential intruders acting in parallel with legitimate users and taking whatever temporary opportunities the actions of the legitimate users present. Our technique can also be used to synthesise finite access control systems, from an appropriately formulated logical theory describing a high-level policy.",

author = "Dimitar Guelev and Mark Ryan and Pierre-Yves Schobbens",

year = "2004",

doi = "10.1007/978-3-540-30144-8_19",

language = "English",

isbn = "978-3-540-23208-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "219--230",

editor = "K. Zhang and Y. Zheng",

booktitle = "Information Security",

}

Model-checking access control policies. / Guelev, Dimitar; Ryan, Mark; Schobbens, Pierre-Yves.
Information Security: ISC 2004. Ed. / K. Zhang; Y. Zheng. Berlin: Springer, 2004. p. 219-230 (Lecture Notes in Computer Science; Vol 3225).

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Article dans les actes d'une conférence/un colloque

TY - GEN

T1 - Model-checking access control policies

AU - Guelev, Dimitar

AU - Ryan, Mark

AU - Schobbens, Pierre-Yves

PY - 2004

Y1 - 2004

N2 - We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the root-bottleneck problem. We present a language for describing goals of agents; these goals are typically to read or write the values of some resources. We describe a decision procedure which determines whether a given coalition of agents has the means (possibly indirectly) to achieve its goal. We argue that this question is decidable in the situation of the potential intruders acting in parallel with legitimate users and taking whatever temporary opportunities the actions of the legitimate users present. Our technique can also be used to synthesise finite access control systems, from an appropriately formulated logical theory describing a high-level policy.

AB - We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the root-bottleneck problem. We present a language for describing goals of agents; these goals are typically to read or write the values of some resources. We describe a decision procedure which determines whether a given coalition of agents has the means (possibly indirectly) to achieve its goal. We argue that this question is decidable in the situation of the potential intruders acting in parallel with legitimate users and taking whatever temporary opportunities the actions of the legitimate users present. Our technique can also be used to synthesise finite access control systems, from an appropriately formulated logical theory describing a high-level policy.

U2 - 10.1007/978-3-540-30144-8_19

DO - 10.1007/978-3-540-30144-8_19

M3 - Conference contribution

SN - 978-3-540-23208-7

T3 - Lecture Notes in Computer Science

SP - 219

EP - 230

BT - Information Security

A2 - Zhang, K.

A2 - Zheng, Y.

PB - Springer

CY - Berlin

ER -

Model-checking access control policies

Résumé

Série de publications

Accès au document

Empreinte digitale

Contient cette citation