Abstract
We present a modelling language, called X-Policy, for web-based collaborative systems with dynamic access control policies. The access to resources in these systems depends on the state of the system and its configuration. The X-Policy language models systems as a set of actions. These actions can model system operations which are executed by users. The X-Policy language allows us to specify execution permissions on each action using complex access conditions which can depend on data values, other permissions, and agent roles. We demonstrate that X-Policy is expressive enough to model collaborative conference management systems. We model the EasyChair conference management system and we reason about three security attacks on EasyChair.
The long version [1] of this paper can be found at the authors’ web pages.
References
Qunoo, H., Ryan, M.: Modelling dynamic access control policies for web-based collaborative systems - long version. Technical report, School of Computer Science, University of Birmingham, Available at the authors’ webpage (April 2010)
Becker, M., Fournet, C., Gordon, A.: Design and semantics of a decentralized authorization language. In: 20th IEEE Computer Security Foundations Symposium, CSF 2007, pp. 3–15 (2007)
Becker, M.Y.: Specification and analysis of dynamic authorisation policies. IEEE Computer Security Foundations Symposium, 203–217 (2009)
DeTreville, J.: Binder, a logic-based security language. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (2002)
Gurevich, Y., Neeman, I.: DKAL: Distributed-knowledge authorization language. In: CSF 2008: Proceedings of the 2008, 21st IEEE Computer Security Foundations Symposium, Washington, DC, USA, pp. 149–162. IEEE Computer Society, Los Alamitos (2008)
Gurevich, Y., Neeman, I.: DKAL 2: A simplified and improved authorization language. Technical report, Microsoft Research - Cambridge (2009)
Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: Proc. IEEE Symposium on Security and Privacy, Oakland (May 2002)
McDermott, D., Doyle, J.: Nonmonotonic logic 1. Artificial Intelligence 13, 41–72 (1980)
Becker, M.Y., Sewell, P.: Cassandra: distributed access control policies with tunable expressiveness. In: 5th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY (2004)
Zhang, N., Ryan, M., Guelev, D.P.: Synthesising verified access control systems in XACML. In: 2004 ACM Workshop on Formal Methods in Security Engineering, Washington DC, USA, October 2004, pp. 56–65. ACM Press, New York (2004)
Qunoo, H., Ryan, M.: EC model in X-policy (December 2009), http://www.cs.bham.ac.uk/~hxq/X-policy/
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Qunoo, H., Ryan, M. (2010). Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems. In: Foresti, S., Jajodia, S. (eds) Data and Applications Security and Privacy XXIV. DBSec 2010. Lecture Notes in Computer Science, vol 6166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13739-6_20
DOI: https://doi.org/10.1007/978-3-642-13739-6_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13738-9
Online ISBN: 978-3-642-13739-6
eBook Packages: Computer Science (R0)