Today more and more security-relevant data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such as the health care industry, digital government, and financial service institutions, each of which requires that different security requirements be fulfilled. Authorization constraints can help the policy architect design and express higher-level organizational rules. Although the importance of authorization constraints has been addressed in the literature, there does not exist a systematic way to verify and validate authorization constraints. In this paper, we specify both non-temporal and history-based authorization constraints in the Object Constraint Language (OCL) and first-order linear temporal logic (LTL). Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorization engine, which supports the enforcement of authorization constraints.
Abstract. Authorisation constraints can help the policy architect design and express higher-level security policies for organisations such as financial institutes or governmental agencies. Although the importance of constraints has been addressed in the literature, there does not exist a systematic way to validate and test authorisation constraints. In this paper, we attempt to specify non-temporal constraints and history-based constraints in the Object Constraint Language (OCL), which is the constraint specification language of the Unified Modeling Language (UML), and describe how the USE tool can be used to validate and test such policies. We also discuss the issues of identifying conflicting constraints and missing constraints.
Security policies play an important role in today's computer systems. We show some severe limitations of the widespread standard role-based access control (RBAC) model, namely that object-based dynamic separation of duty as in-

The RBAC model / Separation of duty

Role-based access control (RBAC) [18,1,2,9] has received considerable attention as a promising alternative to traditional discretionary and mandatory access control. Moreover, an extensive field study by the National Institute of Standards and Technology (NIST) pointed out that in practice permissions are assigned to users according to their roles/functions in the organization [8]. The explicit representation of roles greatly simplifies security management and makes it possible to apply security principles like separation of duty and least privilege [18]. In the following, we give an overview of RBAC96, a widespread RBAC model introduced by Sandhu et al. [18]. Figures 1 and 2 show the entity sets of RBAC96 and the relationships between them.

A further important concept of the advanced RBAC96 models is constraints on the relations assigned to, auth, active in, etc. With the help of these constraints, separation of duty (SOD) can be enforced. SOD is a well-known principle that prevents fraud and error by requiring at least two persons to complete a task. SOD is often applied in everyday life; e.g., a paper submitted to a conference typically must be reviewed by three referees who are different from the author. There have been several attempts to express SOD constraints in computer security, specifically in the area of banking, such as the Clark-Wilson model [6] or Sandhu's Transaction Control Expressions [17]. Usually, a distinction is made between static and dynamic SOD. Static SOD means that a user is not permitted to perform certain steps of a task. By contrast, in dynamic SOD a user may carry out those steps, but only if he has not performed and does not perform certain other steps of the same task. Thus, dynamic SOD is more flexible than static SOD and hence better satisfies real-world requirements.

Usually, RBAC is expressed in set-theoretic notation. When using formal methods, one needs to express RBAC in some definite formalism (like the Z formalism used in [5]). We here formalize RBAC in many-sorted first-order logic, which is also a well-studied and tool-supported formalism [14]. In the specification given in Fig. 3, the axiom states that a session may activate a role only if its user is assigned to the role.
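The three rules discussed above (the session-activation axiom, static SOD on role assignment, and history-based dynamic SOD on the steps of a task) can be checked mechanically by a small reference monitor. The following is an added illustration in Python, not code from the paper or from the USE system: the relation names assigned_to and auth follow the text, while the users, roles, permissions, task ids and the clerk/manager/auditor scenario are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed example (not the paper's code): a minimal RBAC96-style policy
# with the session-activation axiom, static SOD on role assignment, and
# history-based dynamic SOD on the steps of a task.


@dataclass
class RbacPolicy:
    assigned_to: dict[str, set[str]] = field(default_factory=dict)   # user -> roles (UA)
    auth: dict[str, set[str]] = field(default_factory=dict)          # role -> permissions (PA)
    static_sod: set[frozenset[str]] = field(default_factory=set)     # mutually exclusive role pairs
    dynamic_sod: set[frozenset[str]] = field(default_factory=set)    # task steps needing distinct users
    sessions: dict[str, tuple[str, set[str]]] = field(default_factory=dict)  # session -> (user, active roles)
    history: list[tuple[str, str, str]] = field(default_factory=list)        # (task, step, user)

    def assign(self, user: str, role: str) -> bool:
        """Static SOD: refuse a role that is mutually exclusive with one the user already holds."""
        roles = self.assigned_to.setdefault(user, set())
        for pair in self.static_sod:
            if role in pair and (pair - {role}) & roles:
                return False
        roles.add(role)
        return True

    def activate(self, session: str, user: str, role: str) -> bool:
        """Axiom (Fig. 3 of the paper): a session may activate a role only if its user is assigned to it."""
        if role not in self.assigned_to.get(user, set()):
            return False
        owner, active = self.sessions.setdefault(session, (user, set()))
        if owner != user:            # a session belongs to exactly one user
            return False
        active.add(role)
        return True

    def permitted(self, session: str, perm: str) -> bool:
        """Permission check through the roles currently active in the session."""
        if session not in self.sessions:
            return False
        _, active = self.sessions[session]
        return any(perm in self.auth.get(r, set()) for r in active)

    def perform(self, session: str, task: str, step: str) -> bool:
        """Dynamic SOD: a step is allowed only if the same user has not already
        performed a conflicting step of the same task; successful steps are recorded."""
        if not self.permitted(session, step):
            return False
        user, _ = self.sessions[session]
        for pair in self.dynamic_sod:
            if step in pair and any(t == task and u == user and s in pair and s != step
                                    for (t, s, u) in self.history):
                return False
        self.history.append((task, step, user))
        return True


def demo() -> dict[str, bool]:
    """Runs the constructed scenario and returns each access decision by name."""
    p = RbacPolicy(
        auth={"clerk": {"prepare"}, "manager": {"approve"}, "auditor": {"audit"}},
        static_sod={frozenset({"clerk", "auditor"})},        # nobody may be clerk and auditor
        dynamic_sod={frozenset({"prepare", "approve"})},     # preparer and approver must differ
    )
    r: dict[str, bool] = {}
    r["alice_clerk"] = p.assign("alice", "clerk")
    r["alice_manager"] = p.assign("alice", "manager")        # allowed: the SOD here is dynamic
    r["bob_manager"] = p.assign("bob", "manager")
    r["carol_clerk"] = p.assign("carol", "clerk")
    r["carol_auditor"] = p.assign("carol", "auditor")        # static SOD violation -> denied
    r["s1_clerk"] = p.activate("s1", "alice", "clerk")
    r["s1_auditor"] = p.activate("s1", "alice", "auditor")   # not assigned -> axiom denies it
    r["s1_manager"] = p.activate("s1", "alice", "manager")
    r["alice_prepares_T1"] = p.perform("s1", "T1", "prepare")
    r["alice_approves_T1"] = p.perform("s1", "T1", "approve")  # dynamic SOD -> denied
    r["s2_manager"] = p.activate("s2", "bob", "manager")
    r["bob_approves_T1"] = p.perform("s2", "T1", "approve")    # different user -> allowed
    r["alice_approves_T2"] = p.perform("s1", "T2", "approve")  # different task -> allowed
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'permit' if decision else 'deny'}")
```

The history list is what makes the dynamic check history-based: the decision for "approve" on task T1 depends on who performed "prepare" on T1 earlier, which is exactly the kind of constraint the text says cannot be expressed by static role exclusion alone.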
Asset information obtained via infrastructure analysis is essential for developing and establishing risk management. However, information about assets acquired by existing infrastructure analysis processes is often incomplete or lacking in detail, especially concerning their interconnected topology. In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information. The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition processes that are often found in practice.
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints. Using this system, we also demonstrate how the authorization constraints can be specified in OCL and then be implemented by USE.
Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases, so that tool support for convenient creation and adequate validation is required. We propose a new approach to developing and analyzing RBAC policies using UML for modeling RBAC core concepts and OCL to realize authorization constraints. Dynamic (i.e., time-dependent) constraints, their visual representation in UML and their analysis are of special interest. The approach results in a domain-specific language for RBAC which is highly configurable and extendable with respect to new RBAC concepts and classes of authorization constraints and allows the developer to validate RBAC policies in an effective way. The approach is supported by a UML and OCL validation tool.