Specifying and enforcing constraints in dynamic access control policies

Author

Essaouini, Nada ; Cuppens, Frederic ; Cuppens-Boulahia, Nora ; Abou El Kalam, Anas

Author_Institution

Telecom Bretagne, France

fYear

2014

fDate

23-24 July 2014

Firstpage

290

Lastpage

297

Abstract

Constraints in access control models are used to organize access privileges in order to avoid fraudulent situations. Ensuring that the constraints are satisfied during the evolution of the system is an important issue. Thus, there is a need to have a formal reasoning language in order to express the constraints policy and to prove that the constraints are always satisfied. In this work, we propose a formal language based on the deontic logic of actions and situation calculus. The proposed language is easy to use to specify various constraints mentioned in the literature. In addition, we formally specify the condition to prove that the system specification is secure with respect to the access control requirements.

Keywords

authorisation; constraint handling; formal languages; inference mechanisms; process algebra; access control requirements; access privileges; constraints policy; deontic logic; dynamic access control policies; formal reasoning language; fraudulent situations; situation calculus; system evolution; Authorization; Calculus; Cognition; Databases; Electronic mail; Prototypes;

fLanguage

English

Publisher

ieee

Conference_Titel

Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on

Conference_Location

Toronto, ON

Print_ISBN

978-1-4799-3502-4

Type

conf

DOI

10.1109/PST.2014.6890951

Filename

6890951