Clara Bertolissi

Dynamic event-based access control as term rewriting

Despite the widespread adoption of Role-based Access Control (RBAC) models, new access control models are required for new applications for which RBAC may not be especially well suited and for which implementations of RBAC do not enable properties of access control policies to be adequately defined and proven. To address these issues, we propose a form of access control model that is based upon the key notion of an event. The access control model that we propose is intended to permit the representation of access control requirements in a distributed and changing computing environment, the proving of properties of access control policies defined in terms of our model, and direct implementations for access control checking.

A rewriting framework for the composition of access control policies

In large, and often distributed, environments, where access control information may be shared across multiple sites, the combination of individual specifications in order to define a coherent access control policy is of fundamental importance. In order to ensure non-ambiguous behaviour, formal languages, often relying on firstorder logic, have been developed for the description of access control policies. We propose in this paper a formalisation of policy composition by means of term rewriting. We show how, in this setting, we are able to express a wide range of policy combinations and reason about them. Modularity properties of rewrite systems can be used to derive the correctness of the global policy, i.e. that every access request has an answer and this answer is unique

A Rewriting Calculus for Cyclic Higher-order Term Graphs

Introduced at the end of the nineties, the Rewriting Calculus (ρ-calculus, for short) is a simple calculus that fully integrates term-rewriting and λ-calculus. The rewrite rules, acting as elaborated abstractions, their application and the obtained structured results are first class objects of the calculus. The evaluation mechanism, generalizing beta-reduction, strongly relies on term matching in various theories.In this paper we propose an extension of the ρ-calculus, handling graph like structures rather than simple terms. The transformations are performed by explicit application of rewrite rules as first class entities. The possibility of expressing sharing and cycles allows one to represent and compute over regular infinite entities.The calculus over terms is naturally generalized by using unification constraints in addition to the standard ρ-calculus matching constraints. This therefore provides us with the basics for a natural extension of an explicit substitution calculus to term graphs. Several examples illustrating the introduced concepts are given.

Category-Based authorisation models: operational semantics and expressive power

In this paper we give an operational specification of a meta-model of access control using term rewriting. To demonstrate the expressiveness of the meta-model, we show how several traditional access control models, and also some novel models, can be defined as special cases. The operational specification that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and facilitates the process of proving properties of access control policies.

A metamodel of access control for distributed environments

We describe a metamodel for access control, designed to take into account the specific requirements of distributed environments. We see a distributed system consisting of several sites, each with its own resources to protect, as a federation, and propose a framework for the specification (and enforcement) of global access control policies that take into account the local policies specified by each member of the federation. The framework provides mechanisms to specify heterogeneous local access control policies, to define policy composition operators, and to use them to define conflict-free access authorisation decisions. We use a declarative formalism in order to give an operational semantics to the distributed metamodel. We then show how properties of policies can be directly obtained from standard results for the operational semantics of access request evaluation.

An algebraic-functional framework for distributed access control

We propose an access control model that takes into account the specific behaviour of distributed, highly dynamic environments, and describe their representation using an algebraic-functional framework. The declarative nature of the model facilitates the analysis of policies, and direct implementations for access control checking even when resources and information are widely dispersed.

Rewrite specifications of access control policies in distributed environments

We define a metamodel for access control that takes into account the requirements of distributed environments, where resources and access control policies may be distributed across several sites. This distributed metamodel is an extension of the category-based metamodel proposed in previous work (from which standard centralised access control models such as MAC, DAC, RBAC, Bell-Lapadula, etc. can be derived). We use a declarative formalism in order to give an operational semantics to the distributed metamodel. We then show how various distributed access control models can be derived as instances of the distributed metamodel, including distributed models where each site implements a different kind of local access control model.

Distributed event-based access control

We propose an event-based access control model, called Distributed-DEBAC, that takes into account the behaviour of distributed systems. Distributed-DEBAC policies are specified using an algebraic-functional framework. The declarative nature of the model facilitates the analysis of policies, and direct implementations for access control checking even when resources and information are widely dispersed. We give examples of application.

Time and Location Based Services with Access Control

We propose an access control model that extends RBAC (role-based access control) to take time and location into account, and use term rewriting systems to specify access control policies in this model. We discuss implementation techniques for rewrite-based policy specifications, and the integration of these policies in Web applications. The declarative nature of the model facilitates the analysis of policies and the evaluation of access requests: we present two case-studies.

Expressing combinatory reduction systems derivations in the rewriting calculus

The last few years have seen the development of the rewriting calculus (also called rho-calculus or ρ-calculus) that uniformly integrates first-order term rewriting and the λ-calculus. The combination of these two latter formalisms has been already handled either by enriching first-order rewriting with higher-order capabilities, like in the Combinatory Reduction Systems (CRS), or by adding to the λ-calculus algebraic features. The various higher-order rewriting systems and the rewriting calculus share similar concepts and have similar applications, and thus, it is important to compare these formalisms to better understand their respective strengths and differences.We show in this paper that we can express Combinatory Reduction Systems derivations in terms of rewriting calculus derivations. The approach we present is based on a translation of each possible CRS-reduction into a corresponding ρ-reduction. Since for this purpose we need to make precise the matching used when evaluating CRS, the second contribution of the paper is to present an original matching algorithm for CRS terms that uses a simple term translation and the classical matching of lambda terms.