Relationship-based access control: its expression and enforcement through hybrid logic

Authors:
Glenn Bruns;Philip W.L. Fong;Ida Siahaan;Michael Huth
Affiliations:
Bell Labs, Alcatel-Lucent, Naperville, IL, USA;University of Calgary, Calgary, AB, Canada;University of Calgary, Calgary, AB, Canada;Imperial College London, London, England UK
Venue:
Proceedings of the second ACM conference on Data and Application Security and Privacy
Year:
2012

Citing 7
Cited 4

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
A modal deconstruction of access control logics

FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
A privacy preservation model for facebook-style social network systems

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Relationship-based access control: protection model and policy language

Proceedings of the first ACM conference on Data and application security and privacy
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition

ACM Transactions on Information and System Security (TISSEC)
Relationship-based access control policies and their policy languages

Proceedings of the 16th ACM symposium on Access control models and technologies
Preventing Sybil Attacks by Privilege Attenuation: A Design Principle for Social Network Systems

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy

A user-to-user relationship-based access control model for online social networks

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A white-box policy analysis and its efficient implementation

Proceedings of the 18th ACM symposium on Access control models and technologies
Relational abstraction in community-based secure collaboration

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Relationship-based information sharing in cloud-based decentralized social networks

Proceedings of the 4th ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Access control policy is typically defined in terms of attributes, but in many applications it is more natural to define permissions in terms of relationships that resources, systems, and contexts may enjoy. The paradigm of relationship-based access control has been proposed to address this issue, and modal logic has been used as a technical foundation. We argue here that hybrid logic -- a natural and well-established extension of modal logic -- addresses limitations in the ability of modal logic to express certain relationships. We identify a fragment of hybrid logic to be used for expressing relationship-based access-control policies, show that this fragment supports important policy idioms, and demonstrate that it removes an exponential penalty in existing attempts of specifying complex relationships such as "at least three friends". We also capture the previously studied notion of relational policies in a static type system.