Information Technology Reference
In-Depth Information
status levels
that are assigned to agents that request access to system resources
(henceforth these agents are referred to as
requester agents
). These status lev-
els change dynamically in response to the actions the requester agent performs.
Because status levels are centrally important in our access control model, we
henceforth refer to the model as the
Status-based Access Control (SBAC)
model.
In the
SBAC
model, the information that is used to evaluate access requests
is expressed in terms of some general semantic notions: acts, actors, events,
times,
...
. By relating access control to these general notions, we argue that it
is possible to define the
SBAC
model as a very general framework for specifying
access control requirements, a framework that nevertheless may be specialised
and used in a variety of environments.
The
SBAC
model is defined in terms of a logic language; a range of
SBAC
policies may be expressed in the same language. As such, our proposal is related
to recent work on multi-policy formulation using logic languages (e.g., [2], [3],
[4] and [5]). However, none of the models defined in [2], [3], [4], or [5] includes
the notion of an event as a core component, and only [5] includes times. In [6],
an access control model is defined in which the notion of an event is important.
However, in the
SBAC
model an event has a wider interpretation, and
SBAC
policies are appropriate in distributed environments. In [7] an event-based access
control model is described. However, the model that is defined in [7] is a DAC-
based model that is not well-suited for distributed applications. The Ponder
language [8] has recently been proposed for specifying policies (including security
policies) for distributed systems. However, unlike the
SBAC
model, Ponder has
no formal semantics.
The rest of the paper is organized thus. In Section 2, some basic notions
are briefly described. In Section 3, we define the
SBAC
model. In Section 4,
we describe
SBAC
policy formulation and some computational issues. In Sec-
tion 5, an implementation of an
SBAC
policy is discussed. Finally, in Section 6,
conclusions are drawn, and suggestions for further work are made.
Due to space limitations, we consider a restricted form of the
SBAC
model in
this paper; we only consider one type of
SBAC
policy; and we give few technical
results. Further details of
SBAC
will appear in a forthcoming publication [9].
2 Preliminaries
The
SBAC
model and the
SBAC
policies that we describe in later sections
may be expressed in the language of (function-free)
locally stratified
clause form
logic [10], with certain predicates in the alphabet
Σ
of the language having a
fixed intended interpretation. As we only admit function-free clauses, the only
terms of relevance in
Σ
will be constants and variables.
Definition 1.
A normal clause is a formula of the form:
0)
.
The
head
,
C
, of the clause above is a single
atom
. The
body
of the clause (i.e.,
A
1
,...,A
m
, not B
1
,...,not B
n
) is a conjunction of literals (i.e., the comma is
C
←
A
1
,...,A
m
, not B
1
,...,not B
n
(
m
≥
0
,n
≥
