Time Dependent Policy-Based Access Control

Authors Panagiotis Vasilikos, Flemming Nielson, Hanne Riis Nielson




File

LIPIcs.TIME.2017.21.pdf
  • Filesize: 0.57 MB
  • 18 pages

Cite As

Panagiotis Vasilikos, Flemming Nielson, and Hanne Riis Nielson. Time Dependent Policy-Based Access Control. In 24th International Symposium on Temporal Representation and Reasoning (TIME 2017). Leibniz International Proceedings in Informatics (LIPIcs), Volume 90, pp. 21:1-21:18, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2017) https://doi.org/10.4230/LIPIcs.TIME.2017.21

Abstract

Access control policies are essential to determine who is allowed to access data in a system without compromising the data's security. However, applications inside a distributed environment may require those policies to depend on the actual content of the data and the flow of information, as well as on other attributes of the environment such as the time.

In this paper, we use systems of Timed Automata to model distributed systems and we present a logic in which one can express time-dependent policies for access control. We show how a fragment of our logic can be reduced to a logic that current model checkers for Timed Automata such as UPPAAL can handle, and we present a translator that performs this reduction. We then use our translator and UPPAAL to enforce time-dependent policy-based access control on an example application from the aerospace industry.

Subject Classification

Keywords
  • Access Control
  • Timed Automata
  • Time-Dependent Policies
  • UPPAAL

