{"title":"Relationship-based access control: its expression and enforcement through hybrid logic","authors":"G. Bruns, Philip W. L. Fong, I. Siahaan, M. Huth","doi":"10.1145/2133601.2133616","DOIUrl":null,"url":null,"abstract":"Access control policy is typically defined in terms of attributes, but in many applications it is more natural to define permissions in terms of relationships that resources, systems, and contexts may enjoy. The paradigm of relationship-based access control has been proposed to address this issue, and modal logic has been used as a technical foundation.\n We argue here that hybrid logic -- a natural and well-established extension of modal logic -- addresses limitations in the ability of modal logic to express certain relationships.\n We identify a fragment of hybrid logic to be used for expressing relationship-based access-control policies, show that this fragment supports important policy idioms, and demonstrate that it removes an exponential penalty in existing attempts of specifying complex relationships such as \"at least three friends\". We also capture the previously studied notion of relational policies in a static type system.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"42 1","pages":"117-124"},"PeriodicalIF":0.0000,"publicationDate":"2012-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"86","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. 
ACM Conference on Data and Application Security & Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2133601.2133616","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 86
Abstract
Access control policy is typically defined in terms of attributes, but in many applications it is more natural to define permissions in terms of relationships that resources, systems, and contexts may enjoy. The paradigm of relationship-based access control has been proposed to address this issue, and modal logic has been used as a technical foundation.
We argue here that hybrid logic -- a natural and well-established extension of modal logic -- addresses limitations in the ability of modal logic to express certain relationships.
We identify a fragment of hybrid logic to be used for expressing relationship-based access-control policies, show that this fragment supports important policy idioms, and demonstrate that it removes an exponential penalty in existing attempts of specifying complex relationships such as "at least three friends". We also capture the previously studied notion of relational policies in a static type system.