Event Systems and Access Control
Dominique Méry (INRIA Lorraine - LORIA), Stephan Merz (INRIA Lorraine - LORIA)

TL;DR
This paper explores how access control policies can be verified in event-based information systems and preserved under refinement, proposing to implement high-level user rights by combining low-level user rights with system obligations.
Contribution
It introduces proof rules for verifying access control enforcement and presents a novel approach to refine user rights through combining low-level rights with system obligations.
Findings
Proof rules for verifying access control enforcement
Methods for preserving access control during system refinement
A new approach to refine user rights by combining rights and obligations
Abstract
We consider the interpretations of notions of access control (permissions, interdictions, obligations, and user rights) as run-time properties of information systems specified as event systems with fairness. We give proof rules for verifying that an access control policy is enforced in a system, and consider preservation of access control by refinement of event systems. In particular, refinement of user rights is non-trivial; we propose to combine low-level user rights and system obligations to implement high-level user rights.
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Cryptography and Data Security
