Study On Flexible Access Control

Information security is a realm in trusted computing,and access control plays an important role in overall information security.Access control is to protect the data and resources maintained by a security system against unauthorized disclosure or improper modifications,while at the same time ensuring their availability to legitimate users.The development process of an access control system is usually carried out with a multi-phase approach based on the concepts of security policy,security model and security mechanism.However,the definition of an access control policy/model is far from being a trivial process.The most major difficulty lies in the interpretation of real-world security policies(often complex and sometimes ambiguous) and their translation in well defined and unambiguous rules,which are easily implemented by a computer system.With the development of access control theory and security requirements in many emerging applications,nowadays,expressiveness and flexibility have been become top requirements for an access control system together with,and usually in conflict with,simplicity and efficiency,that is,a modern access control policy needs to be flexible enough to capture security requirements in real world scenarios.This is why we study the flexible access control.Our flexible access control mainly refers to three aspects:flexible authorizations,logic based formalization,and integration of policies,which obtain a significant attention and also reflect the development tendency of the current access control.It has been investigated in this dissertation that how to specify flexible access control policies in real world using the powerful expressiveness and computation of logic programs,how to deal with conflicts in flexible access controls,how to balance expressiveness,simplicity and efficiency in flexible access control specifications,how to make use of common reasoning(i.e.,non-monotonic reasoning) to express the flexible characteristics, and how to integrate the advantages in the prevailing flexible access control theories on the basis of a unified framework.The dissertation focuses on the following several problems:the concept of flexible access control;the flexibility of role based access control(RBAC);conflict resolution strategy in flexible access control policy;design and analysis of the flexible authorization framework based on logic programs.By careful investigation of the above problems,the following results and contributions based on the four aspects have been obtained.(1) Knowledge and specification of the flexible access control To our best knowledge,the concept of flexible access control has not been specified definitely and summarized so far.We think that the meaning of flexible access control is ambiguous and evolving.We can simply view it as multi-attributes and multi-domains,which are traditional and classical,but today's flexible access control may refer to trust management,trust negotiation etc.Therefore inducing concepts and describing characteristics are necessary for flexible access controls.Further,we analyzed several problems about how to use logic programs to represent the flexible access control policies.Especially,we analyzed how to the "flexible" features are specified via logic rules.We also exploited the several prevailing framework theories for the next investigation. Thus,the following consequences have been acquired:-- The conceptual extension of flexible access controls is induced as:a) Expression from explicit to implicit;b) Determination from identity to attribute;c) Update from static to dynamic;d) Enforcement from single to compositional;e) Environment from close to open.-- The characteristics of flexible access controls are summarized as:a) Conditions(referring to system,context,history and so on);b) Hierarchies(include Subject,Object,Privilege and Role);c) Positive and negative authorizations;d) Attributes based specifications;e) Dynamic environments;f) Authorization derivations.-- The structural features of logic programs can specify the responding properties of security requirements,at the same time,also determine the semantics computation of the logic programs. -- Several prevailing authorization frameworks are complementary and cross between advantages and disadvantages.This gives us the space for further study.(2) Flexibility of RBAC ModelBased on analyzing the flexibility of RBAC,we have proposed the problem:a formal analysis for implementing LBAC in RBAC,which refers to how to implement lattice-based access control(LBAC) policy using the mechanisms of RBAC.Although there have been some researches on the relationships between LBAC and RBAC,these researches are non-formal.Our investigation is based on the formal method related to the ideas of relation,homomorphism and logic etc.The research has the following main contributions:-- The formal analysis shows how to use the RBAC framework to validate the key LBAC policies,suggesting that RBAC has a good role to play in unifying the formal treatment of a range of LBAC systems.-- The research can conclude that several studied lattice-based access control policies can be carried out in RBAC,and that the mechanism of managing access control in RBAC can be clearly exploited.-- Through using one security model as a unifying principle for studying others, we have possibility to explore a way for reasoning about combinations of security policies.(3) Conflict resolution strategy with preferenceTo our best knowledge,there are little conflict resolution polices with literal preference applied to access control.In terms of the principles of conflicts resolutions,we have researched the problem:Conflicts Resolution with LPOD Program,where rules with LPOD(Logic Program with Ordered Disjunction) are applied to solve conflicts.Our method has the following advantages:-- The method is a conflict resolution with preference.It is based on literals and dependent-context,different from rule priority and organization based strategy. Thus decision of this method is fine-grain;-- The semantics of LPOD program is not a stable model,but its semantic computation can transform into stable model.Therefore,it is novel.-- The criteria of selecting answer sets are more flexible and well accommodating to practical requirements.(4) Flexible authorization framework based on logic programs Our proposed authorization framework is composed of the programs of three main parts:PRAP module,URAP module and UR-RP authorization policy module,where PRAP means Privilege Role Assignment Program that is in charge of assigning privileges to roles;URAP expresses User Role Assignment Program whose function is the assignment of roles to users;UR-RP program combine PRAP and URAP for implementing the integration of multiple policies. The framework has the following advantages:-- As the administrative mechanism of the framework is based on RBAC,it may be easily further extended and refined.-- Since the framework is specified by logic programs,it is flexible.Using RBAC to organize the rules in a specification may enhance the construction of the specification.-- The component modules can adopt the advantages of the theories in the literature.For instance,PRAP makes use of the fine-grained and structural propagation mechanism in Bertino99 Framework for roles,objects and privileges;URAP employs the multiple conflict resolution and decision policies in FAF for users.UR-RP explicitly facilitates the session like RBAC.-- The component modules implement independently the policies,and interplay on base of the unifying framework.In fact,the functions of the implementations and interplay are based on the combination of logic programs.-- Since non-monotonic theory is used in our framework,we can use belief revision to capture flexible policies in real world.All the above consequences are worthwhile not only in theory but also in practice,and at the same time they are also the foundation of our further study on the flexible access control.