Rewrite Based Specification of Access Control Policies

Authors:
Horatiu Cirstea;Pierre-Etienne Moreau;Anderson Santana de Oliveira
Affiliations:
Nancy Université & INRIA & UFRN & LORIA;Nancy Université & INRIA & UFRN & LORIA;Nancy Université & INRIA & UFRN & LORIA
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 10
Cited 3

The SLam calculus: programming with secrecy and integrity

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lattice-Based Access Control Models

Computer
NETRA:: seeing through access control

Proceedings of the fourth ACM workshop on Formal methods in security
Canonical Abstract Syntax Trees

Electronic Notes in Theoretical Computer Science (ENTCS)
A pattern matching compiler for multiple target languages

CC'03 Proceedings of the 12th international conference on Compiler construction
Tom: piggybacking rewriting on java

RTA'07 Proceedings of the 18th international conference on Term rewriting and applications
The algebra of security

SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Component-based security policy design with colored Petri nets

Semantics and algebraic specification
You should better enforce than verify

RV'10 Proceedings of the First international conference on Runtime verification
A dynamic access control model

Applied Intelligence

Quantified Score

Hi-index	0.00

Visualization

Abstract

Data protection within information systems is one of the main concerns in computer systems security and different access control policies can be used to specify the access requests that should be granted or denied. These access control mechanisms should guarantee that information can be accessed only by authorized users and thus prevent all information leakage. We propose a methodology for specifying and implementing access control policies using the rewrite based framework Tom. This approach allows us to check that any reachable state obtained following a granted access in the implementation satisfies the policy specification. We show that when security levels are not totally ordered some information leakage can be detected.