Multiple Access Control Policies - PowerPoint PPT Presentation

Multiple access control policies
1 / 28

  • Uploaded on
  • Presentation posted in: General

Multiple Access Control Policies. A Unified Framework for Enforcing Multiple Access Control Policies [by Jajodia and Samarti] Authorization in Distributed Systems: A New Approach [by Woo and Lam] References:

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Multiple Access Control Policies

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Multiple access control policies

Multiple Access Control Policies

A Unified Framework for Enforcing Multiple Access Control Policies [by Jajodia and Samarti]

Authorization in Distributed Systems: A New Approach [by Woo and Lam]


* A logical Framework for Reasoning on Data Access Control Policies ACM Trans. Bertino and Catania. Vol. 6, No. 1.

* The well-founded Semantics for General Logic Programs. Gelder and Ross.



  • Access control policies are devised for controlling access to information.

  • Policy requires its own language, which specifies policy bases.

  • Policy base encodes a set of authorization requirements and is given a precise semantics based upon a formal notion of authorization policy.

Multiple access control policies1

Multiple Access Control Policies

  • Problem: Protection requirements within a system vary dramatically, and no single policy may simultaneously satisfy them all.

  • This paper presents a flexible authorization manager (FAM) that enforce multiple access control policies within a unified system.

  • FAM is based on a language through which users can specify authorizations and access control policies.

Multiple access control policies

  • The FAM language contains three components.

    • Data objects of different types

    • Hierarchy

    • Language specifications



  • A data system DS consists of a 4-tuple (Obj, T, S, A), where Obj, T, S, A are object, type, subject, action.

  • User Hierarchy. A DS is said to be user-hierarchical iff there exists a finite partially ordered set (G, ) such that: x is a -minimal element of G iff x  U

Multiple access control policies

  • Authorization Specifications consist of constant symbols, variable symbols and predicate symbols.

  • Predicate symbols:

    • cando

    • dercando

    • do

    • done

    • error

    • dirin

    • in

    • typeof

    • owner



  • cando(file1, Employees, +write)  .

  • cando(file1, s, +write)  in(s, Employees)

  • dercando(o,s,+a)  cando(o,s,+a)&in(s,s)

  • dercando(file1,s,-read)  dercando(file2,s ,read) & in(s,s) & in(s,s)

  • dercando(o,s,-write)  done(o,s,read) & typeof(o, Exams) & typeof(o, Solutions)

Multiple access control policies

  • error(o,s,a)  cando(o,s,+a)&cando(o,s,-a)

  • error(o,s,a)  done(o,s,read) & done(o,s,read) & typeof(o,Budget-A) & typeof(o, Budget-B)

Fam programs


  • An authorization specification AS is said to be a FAM-program iff the set of decision (do) rules in AS is:

    • Clash-free and

    • For each triple (o,u,a), there exists at least one weakly applicable do-rule in AS.

Multiple access control policies

  • Clash-free

    do(file1, X,+read)  dirin(X, Employees)

    do(file1, X, -read)  dirin (X, Policeman)

  • Weakly Applicable

    Consider the triple (file1, john, read)

    do(file1, s,+a)  dercando(file1, s, +a)

    do(o, s, +read)  ¬dercando(o, s, +read)& ¬dercando(o, s, -read)&typeof(o, Pblc-docs)

Cam program


  • An authoization specification AS is said to be a semi-CAM program iff each do rule in AS has a head of the form do(OT, ST,+AT)

    do(O, U, -A)  ¬do(O, U, +A)

Fam policy library

FAM policy library

  • Closed, open and hybrid

  • Hybrid: no overriding, subgroup overriding, and path overriding.

  • Conflict resolution:

    • No conflicts allowed

    • Permissions take precedence

    • Denials take precedence



  • Closed policy

    • dercando (o, u, +a)  cando(o, s, +a) & in(u, s)

    • do(o, u, +a)  dercando(o, u, +a)

    • error(o, s, a)  cando(o, s, -a)

    • do(o, u, -a)  ¬do(o, u, +a)

  • Open policy

    • dercando (o, u, -a)  cando(o, s, -a) & in(u, s)

    • do(o, u, +a)  ¬dercando(o, u, -a)

Multiple access control policies

  • Subgroup overrides along a path

    • dercando(o, s, +a)  cando(o, s, +a)

    • dercando(o, s, -a)  cando(o, s, -a)

    • dercando(o, s, +a)  dercando(o, s, +a)& ¬cando(o, s, -a) & dirin(s, s)

    • dercando(o, s, -a)  dercando(o, s, -a)& ¬cando(o, s, +a)& dirin(s, s)

Authorization in distributed systems

Authorization in Distributed Systems

  • Problem: need to have a language that is expressive enough for specifying commonly encountered authorization requirements. The requirements here include multiple access policies and supporting distributed environment.

Authorization policy

Authorization policy

  • An authorization policy over a set of subjects S, a set of objects O and a set of access rights R is a 4-tuple (P+, P-, N+, N-) where each component is a subset of {(r, s, o) | r  R, s  S, o  O}

  • A grant (r, s, o) iff (r, s, o)  P+

  • A deny (r, s, o) iff (r, s, o)  N+

  • A fail (r, s, o) iff (r, s, o)  P+  N+



  • Let V = {x, y,…}, P = {p,q}, S = {A, B, G}, O = {X, Y, Z}

  • read-(G, x)

  • read+(A, X)  read+(A, Y)

  • x  G  read-(G, Y)  read-(x, Y)

  • ¬p  write+(x, Z)  ¬read+(x, y)

Closed policy base

Closed Policy Base

  • A base is closed if it contains only closed rules, which contains no literal variables.

    B admits two extensions {write+(A,Y)} and {write+(A,X)}

Generalized form

Generalized Form

  • Let be a rule

Open policy base

Open Policy Base

  • Each open rule in B as standing for all its ground instances (closed rules).

  • If S={A,B} and O = {X,Y}



Examples of policy base

Examples of Policy Base

  • If a subject s has not been explicitly granted a right r to an object o, then s will inherit a denial of r to o if it belongs to a group g that has a denial of r to o.

The bad vs evil

The Bad vs. Evil

  • [Woo] cannot resolve conflicts.

    • Horizontal composition

      • Each SSO specifies a policy base for a part of a system and multiple SSOs may cover the whole system. The policies may compliment or conflict among them.

    • Vertical composition

      • An SSO is responsible for his subordinate administrators. The leaf policy bases are mot specific and detailed than the root policy base. A composition of this would give rise to conflicts.

Multiple access control policies

  • [Jajodia] propose a logic language for expressing authorization rules and show how this language can express most of the access control policies. Programs that can be written in this language are a subset of stratified datalog program and therefore they are able to express only a limited set of authorization specifications.

Multiple access control policies

Thank you

  • Login