Abstract
Assurance that an access control configuration will not result in the leakage of a right to an unauthorized principal, called safety, is fundamental to ensuring that the most basic of access control policies can be enforced. Safety is achieved either through the use of limited models or the verification of safety via constraints. Currently, almost all critical safety requirements are enforced using limited models because constraint expression languages are far too complex for typical administrators to use properly. We propose a new approach to expressing constraints that has the following properties: (1) an access control policy is expressed using a graphical model in which the nodes represent sets (e.g., of subjects, objects, etc.) and the edges represent binary relationships on those sets, and (2) constraints are expressed using a few, simple set operators on graph nodes. While it is possible to extend the semantics of the basic graph model in several ways, and we propose some we found useful, the basic result is that a wide variety of safety policies can be expressed with simple, binary constraints. We demonstrate this model using several examples ranging from safety expression for multilevel security models to separation of duty. Our hope is that this model can be a base for defining critical safety requirements for models that have more flexibility than traditional multilevel models.
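The abstract's idea (policy as a graph whose nodes are sets and whose edges are binary relations, with safety constraints written as a few set operators over those nodes) can be sketched in code. The following is an added illustration, not the paper's formalism or code: the node and edge names, the user/role/object members, the `image`/`preimage` derivations, and the three constraints are all constructed for this example. It shows a separation-of-duty constraint and a multilevel "no read up" constraint both reduced to disjointness and subset checks, and how a single added edge is caught as a violation.

```python
"""Added example: access control policy as a graph of sets and relations,
with safety constraints expressed as binary set operators on nodes.
Every identifier below is constructed for illustration; it is not the
notation or implementation of the cited paper."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class PolicyGraph:
    # node name -> set of elements (subjects, objects, roles, ...)
    nodes: dict[str, set] = field(default_factory=dict)
    # edge name -> set of (a, b) pairs, i.e. a binary relation between nodes
    edges: dict[str, set] = field(default_factory=dict)

    def image(self, edge: str, source: set) -> set:
        """Elements reachable from `source` along `edge` (relation applied forward)."""
        return {b for a, b in self.edges[edge] if a in source}

    def preimage(self, edge: str, target: set) -> set:
        """Elements that relate to something in `target` along `edge` (relation inverted)."""
        return {a for a, b in self.edges[edge] if b in target}


# The constraint vocabulary: two simple binary set operators on nodes.
def disjoint(x: set, y: set) -> bool:
    return not (x & y)


def subset(x: set, y: set) -> bool:
    return x <= y


def build_policy() -> PolicyGraph:
    """Constructed sample policy (hypothetical users, roles, objects)."""
    g = PolicyGraph()
    g.nodes["users"] = {"alice", "bob", "carol"}
    g.nodes["roles"] = {"requester", "approver", "auditor"}
    g.nodes["objects"] = {"memo.txt", "payroll.db"}
    # Multilevel view: bob is cleared only for the low (unclassified) level,
    # and memo.txt is the only low-level object.
    g.nodes["low_users"] = {"bob"}
    g.nodes["low_objects"] = {"memo.txt"}
    # Binary relations: user-to-role assignment and user-to-object read rights.
    g.edges["assigned"] = {("alice", "requester"), ("bob", "approver"), ("carol", "auditor")}
    g.edges["reads"] = {("alice", "payroll.db"), ("bob", "memo.txt")}
    return g


def constraints(g: PolicyGraph) -> dict[str, bool]:
    """Each safety requirement is one set operator applied to (derived) nodes."""
    requesters = g.preimage("assigned", {"requester"})
    approvers = g.preimage("assigned", {"approver"})
    return {
        # Separation of duty: nobody may hold both requester and approver.
        "sod_requester_approver": disjoint(requesters, approvers),
        # No read up: everything low-cleared users can read must be a low object.
        "no_read_up_low": subset(g.image("reads", g.nodes["low_users"]), g.nodes["low_objects"]),
        # Well-formedness: only known users may be assigned roles.
        "assigned_users_known": subset(g.preimage("assigned", g.nodes["roles"]), g.nodes["users"]),
    }


def violations(g: PolicyGraph) -> list[str]:
    """Names of constraints the current configuration violates, sorted."""
    return sorted(name for name, ok in constraints(g).items() if not ok)


if __name__ == "__main__":
    g = build_policy()
    print(violations(g))                      # []
    g.edges["assigned"].add(("alice", "approver"))   # alice now requests and approves
    print(violations(g))                      # ['sod_requester_approver']
    g.edges["reads"].add(("bob", "payroll.db"))      # low-cleared user reads a high object
    print(violations(g))                      # ['no_read_up_low', 'sod_requester_approver']
```

Because every constraint is a disjointness or subset test on node sets, an administrator reviewing a configuration change only needs to re-evaluate the affected predicates rather than reason about a general constraint language; that is the simplicity the abstract argues for.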
| Original language | English (US) |
|---|---|
| Pages | 154-163 |
| Number of pages | 10 |
| State | Published - Dec 1 2000 |
| Event | 7th ACM Conference on Computer Communications Security - Athens, Greece. Duration: Nov 1 2000 → Nov 4 2000 |
Other
| Other | 7th ACM Conference on Computer Communications Security |
|---|---|
| Country/Territory | Greece |
| City | Athens |
| Period | 11/1/00 → 11/4/00 |
All Science Journal Classification (ASJC) codes
- Software
- Computer Networks and Communications