Hypergraph-based Access Control Using Formal Language Expressions - HGAC

Alexander Lawall

2015

Abstract

In all organizations, access assignments are essential in order to ensure data privacy, permission levels and the correct assignment of tasks. Traditionally, such assignments are based on total enumeration, with the consequence that constant effort has to be put into maintaining the assignments. This problem still persists when using abstraction layers, such as group and role concepts, e.g. Access Control Matrix and Role-Based Access Control. Role and group memberships are statically defined and members have to be added and removed constantly. This paper describes a novel approach - Hypergraph-Based Access Control HGAC - to assign human and automatic subjects to access rights in a declarative manner. The approach is based on an organizational (meta-) model and a declarative language. The language is used to express queries and formulate predicates. Queries define sets of subjects based on their properties and their position in the organizational model. They also contain additional information that causes organizational relations to be active or inactive depending on predicates. In HGAC, the subjects that have a specific permission are determined by such a query. The query itself is not defined statically but created by traversing a hypergraph path. This allows a structured aggregation of permissions on resources. Consequently, multiple resources can share parts of their queries.

References

  1. Benantar, M. (2006). Access Control Systems: Security, Identity Management and Trust Models. Access Control Systems: Security, Identity Management and Trust Models. Springer.
  2. Chen, L. (2011). Analyzing and Developing Role-Based Access Control Models. PhD thesis, University of London.
  3. Chen, Y. and Zhang, L. (2011). Research on role-based dynamic access control. In Proceedings of the 2011 iConference, iConference 7811, pages 657-660, New York, NY, USA. ACM.
  4. Ferraiolo, D., Kuhn, D., and Chandramouli, R. (2003). Role-based Access Control. Artech House computer security series. Artech House.
  5. Ferraiolo, D. F., Barkley, J. F., and Kuhn, D. R. (1999). A role-based access control model and reference implementation within a corporate intranet. ACM Trans. Inf. Syst. Secur., 2:34-64.
  6. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., and Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4:224-274.
  7. Ferrari, E. (2010). Access Control in Data Management Systems. Synthesis lectures on data management. Morgan & Claypool.
  8. Fowler, M. (2010). Domain-specific languages. AddisonWesley Professional.
  9. Gallo, G., Longo, G., Pallottino, S., and Nguyen, S. (1993). Directed Hypergraphs and Applications. Discrete Appl. Math., 42(2-3):177-201.
  10. Graham, G. S. and Denning, P. J. (1972). Protection: Principles and Practice. In Proceedings of the May 16-18, 1972, Spring Joint Computer Conference, AFIPS 7872 (Spring), pages 417-429, New York, NY, USA. ACM.
  11. Hoffmann, D. W. (2011). Theoretische Informatik. München: Carl Hanser, München, 2. edition.
  12. Knorr, K. (2000). Dynamic access control through Petri net workflows. In Computer Security Applications, 2000. ACSAC 7800. 16th Annual Conference, pages 159-167.
  13. Krcmar, H. (2010). Informationsmanagement. Springer, Berlin; Heidelberg.
  14. Lawall, A., Schaller, T., and Reichelt, D. (2012). An Approach towards Subject-Oriented Access Control. In S-BPM ONE 2012, pages 33-42, Heidelberg. Springer-Verlag.
  15. Lawall, A., Schaller, T., and Reichelt, D. (2013a). Integration of Dynamic Role Resolution within the S-BPM Approach. In S-BPM ONE 2013, pages 21-33, Heidelberg. Springer.
  16. Lawall, A., Schaller, T., and Reichelt, D. (2013b). Who Does What - Comparison of Approaches for the Definition of Agents in Workflows. In Web Intelligence (WI) and Intelligent Agent Technologies (IAT), 2013 IEEE/WIC/ACM International Joint Conferences on, volume 3, pages 74-77.
  17. Lawall, A., Schaller, T., and Reichelt, D. (2014a). CrossOrganizational and Context-Sensitive Modeling of Organizational Dependencies in C-ORG. In S-BPM ONE (Scientific Research), pages 89-109, Heidelberg. Springer-Verlag.
  18. Lawall, A., Schaller, T., and Reichelt, D. (2014b). Enterprise Architecture: A Formalism for Modeling Organizational Structures in Information Systems. In Barjis, J. and Pergl, R., editors, Enterprise and Organizational Modeling and Simulation, volume 191 of Lecture Notes in Business Information Processing, pages 77-95. Springer Berlin Heidelberg.
  19. Lawall, A., Schaller, T., and Reichelt, D. (2014c). LocalGlobal Agent Failover Based on Organizational Models. In Web Intelligence (WI) and Intelligent Agent Technologies (IAT), 2014 IEEE/WIC/ACM International Joint Conferences on, volume 3, pages 420- 427.
  20. Lawall, A., Schaller, T., and Reichelt, D. (2014d). Restricted Relations between Organizations for CrossOrganizational Processes. In Business Informatics (CBI), 2014 IEEE 16th Conference on, pages 74-80, Geneva.
  21. Liu, Y. A., Wang, C., Gorbovitski, M., Rothamel, T., Cheng, Y., Zhao, Y., and Zhang, J. (2006). Core Role-based Access Control: Efficient Implementations by Transformations. In Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-based Program Manipulation, PEPM 7806, pages 112-120, New York, NY, USA. ACM.
  22. Sandhu, R. S. (1992). The Typed Access Matrix Model. In Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP 7892, pages 122-136, Washington, DC, USA. IEEE Computer Society.
  23. Sandhu, R. S. (1998). Role-Based Access Control. Advances in Computers, 46:237-286.
  24. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-based access control models. Computer, 29(2):38-47.
  25. Saunders, G., Hitchens, M., and Varadharajan, V. (2001). Role-based Access Control and the Access Control Matrix. SIGOPS Oper. Syst. Rev., 35(4):6-20.
  26. Seufert, S. E. (2002). Die Zugriffskontrolle. PhD thesis, Bamberg, Univ., Diss., 2002.
  27. Vahs, D. (2007). Organisation: Einführung in die Organisationstheorie und -praxis. Schäffer-Poeschel.
  28. Williamson, G., Sharoni, I., Yip, D., and Spaulding, K. (2009). Identity Management: A Primer. Mc Press Series. MC Press Online.
Download


Paper Citation


in Harvard Style

Lawall A. (2015). Hypergraph-based Access Control Using Formal Language Expressions - HGAC . In Proceedings of 4th International Conference on Data Management Technologies and Applications - Volume 1: DATA, ISBN 978-989-758-103-8, pages 267-278. DOI: 10.5220/0005484602670278


in Bibtex Style

@conference{data15,
author={Alexander Lawall},
title={Hypergraph-based Access Control Using Formal Language Expressions - HGAC},
booktitle={Proceedings of 4th International Conference on Data Management Technologies and Applications - Volume 1: DATA,},
year={2015},
pages={267-278},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005484602670278},
isbn={978-989-758-103-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of 4th International Conference on Data Management Technologies and Applications - Volume 1: DATA,
TI - Hypergraph-based Access Control Using Formal Language Expressions - HGAC
SN - 978-989-758-103-8
AU - Lawall A.
PY - 2015
SP - 267
EP - 278
DO - 10.5220/0005484602670278