Modular Access Control via Strategic Rewriting

Daniel J. Dougherty; Claude Kirchner; Hélène Kirchner; Anderson Santana De Oliveira

inria-00185697, version 1

Modular Access Control via Strategic Rewriting

Daniel J. Dougherty^a, Claude Kirchner^b^, 1, 2, Hélène Kirchner ^1, 2, Anderson Santana De Oliveira ()^b^, 1

12th European Symposium On Research In Computer Security - ESORICS 2007 4734 (2007) 578-593

Résumé : Security policies, in particular access control, are fundamental elements of computer security. We address the problem of authoring and analyzing policies in a modular way using techniques developed in the field of term rewriting, focusing especially on the use of rewriting strategies. Term rewriting supports a formalization of access control with a clear declarative semantics based on equational logic and an operational semantics guided by strategies. Well-established term rewriting techniques allow us to check properties of policies such as completeness and the absence of conflicts. A rich language for expressing rewriting strategies is used to define a theory of modular construction of policies in which we can better understand the preservation of properties of policies under composition. The robustness of the approach is illustrated on the composition operators of XACML.

a – Worcester Polytechnic Institute
b – INRIA
1 : PROTHEO (INRIA Lorraine - LORIA)
INRIA – CNRS : UMR7503 – Université Henri Poincaré - Nancy I – Université Nancy II – Institut National Polytechnique de Lorraine (INPL)
2 : INRIA Lorraine (INRIA Lorraine)
INRIA

inria-00185697, version 1
http://hal.inria.fr/inria-00185697
oai:hal.inria.fr:inria-00185697
Contributeur : Anderson Santana De Oliveira <>
Soumis le : Mardi 6 Novembre 2007, 17:32:16
Dernière modification le : Vendredi 16 Novembre 2007, 14:38:55

Voir la fiche détaillée

Documents associés

DOI : 10.1007/978-3-540-74835-9_38

Exporter

Bibtex EndNote TEI RefWorks

<?xml version="1.0" encoding="UTF-8"?>
<listBibl xmlns="http://www.tei-c.org/ns/1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:mml="http://www.w3.org/1998/Math/MathML">
<listBibl type="inproceedings"><head>Communications avec actes</head>
<biblStruct type="inproceedings" xml:id="inria-00185697"><analytic>
<author><persName><forename>Daniel J.</forename><surname>Dougherty</surname></persName></author>
<author><persName><forename>Claude</forename><surname>Kirchner</surname></persName>
<affiliation>
<orgName type="laboratory">INRIA Lorraine - LORIA</orgName>
<orgName type="team">PROTHEO</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
<orgName type="institution">CNRS : UMR7503</orgName>
<orgName type="institution">Université Henri Poincaré - Nancy I</orgName>
<orgName type="institution">Université Nancy II</orgName>
<orgName type="institution">Institut National Polytechnique de Lorraine (INPL)</orgName>
</affiliation>
<affiliation>
<orgName type="laboratory">INRIA Lorraine</orgName>
<orgName type="team">INRIA Lorraine</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
</affiliation>
</author>
<author><persName><forename>Hélène</forename><surname>Kirchner</surname></persName>
<affiliation>
<orgName type="laboratory">INRIA Lorraine - LORIA</orgName>
<orgName type="team">PROTHEO</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
<orgName type="institution">CNRS : UMR7503</orgName>
<orgName type="institution">Université Henri Poincaré - Nancy I</orgName>
<orgName type="institution">Université Nancy II</orgName>
<orgName type="institution">Institut National Polytechnique de Lorraine (INPL)</orgName>
</affiliation>
<affiliation>
<orgName type="laboratory">INRIA Lorraine</orgName>
<orgName type="team">INRIA Lorraine</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
</affiliation>
</author>
<author><persName><forename>Anderson</forename><surname>Santana De Oliveira</surname></persName>
<affiliation>
<orgName type="laboratory">INRIA Lorraine - LORIA</orgName>
<orgName type="team">PROTHEO</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
<orgName type="institution">CNRS : UMR7503</orgName>
<orgName type="institution">Université Henri Poincaré - Nancy I</orgName>
<orgName type="institution">Université Nancy II</orgName>
<orgName type="institution">Institut National Polytechnique de Lorraine (INPL)</orgName>
</affiliation>
</author>
<title type="main" level="a">Modular Access Control via Strategic Rewriting</title></analytic><monogr><meeting>12th European Symposium On Research In Computer Security - ESORICS 2007</meeting><imprint><publisher>Springer Berlin / Heidelberg</publisher><pubPlace><settlement>Dresden</settlement><country>Allemagne</country></pubPlace><biblScope type="publicationDate">2007-00-00</biblScope><biblScope type="vol">4734</biblScope><biblScope type="pp">578-593</biblScope></imprint></monogr><idno type="doi">10.1007/978-3-540-74835-9_38</idno><idno type="HALid">http://hal.inria.fr/inria-00185697</idno></biblStruct>
</listBibl>
</listBibl>