Publication


Featured research published by Steven Barker.


ACM Transactions on Information and System Security | 2008

Status-Based Access Control

Steven Barker; Marek J. Sergot; Duminda Wijesekera

Despite their widespread adoption, Role-based Access Control (RBAC) models exhibit certain shortcomings that make them less than ideal for deployment in, for example, distributed access control. In the distributed case, standard RBAC assumptions (e.g., of relatively static access policies, managed by human users, with complete information available about users and job functions) do not necessarily apply. Moreover, RBAC is restricted in the sense that it is based on one type of ascribed status, an assignment of a user to a role. In this article, we introduce the status-based access control (SBAC) model for distributed access control. The SBAC model (or family of models) is based on the notion of users having an action status as well as an ascribed status. A user's action status is established, in part, from a history of events that relate to the user; this history enables changing access policy requirements to be naturally accommodated. The approach can be implemented as an autonomous agent that reasons about the events, actions, and a history (of events and actions), which relates to a requester for access to resources, in order to decide whether the requester is permitted the access sought. We define a number of algebras for composing SBAC policies, algebras that exploit the language that we introduce for SBAC policy representation: identification-based logic programs. The SBAC model is richer than RBAC models and the policies that can be represented in our approach are more expressive than the policies admitted by a number of monotonic languages that have been hitherto described for representing distributed access control requirements. Our algebras generalize existing algebras that have been defined for access policy composition. We also describe an approach for the efficient implementation of SBAC policies.


partial evaluation and semantic-based program manipulation | 2004

Efficient and flexible access control via logic program specialisation

Steven Barker; Michael Leuschel; Mauricio Varea

We describe the use of a flexible meta-interpreter for performing access control checks on deductive databases. The meta-program is implemented in Prolog and takes as input a database and an access policy specification. We then proceed to specialise the meta-program for a given access policy and intensional database by using the logen partial evaluation system. In addition to describing the programs involved in our approach, we give a number of performance measures for our implementation of an access control checker, and we discuss the implications of using this approach for access control on deductive databases. In particular, we show that by using our approach we get flexible access control with virtually zero overhead.


symposium on access control models and technologies | 2007

Action-status access control

Steven Barker

We introduce a generalization of Role-based Access Control that we call the Action-Status Access Control (ASAC) model. The ASAC model addresses certain shortcomings with RBAC models when applied in distributed computing contexts. The ASAC model is based on the notion of status, and a nonmonotonic theory of access control that is founded upon the notions of events, actions and times. The approach allows automatic changes to be made to policy requirements and agent authorizations that may be based, in part, on an agent's intentional behaviors.


data and knowledge engineering | 2002

Protecting deductive databases from unauthorized retrieval and update requests

Steven Barker

We show how deductive databases may be protected against unauthorized retrieval and update requests issued by authenticated users. To achieve this protection, a deductive database is expressed in a form that guarantees that only authorized access requests are permitted. Authorized retrieval and update requests are specified by using an access control theory that is expressed in normal clause logic. The approach has a number of attractive technical results associated with it, can be efficiently implemented, and can be used to protect the information in any normal deductive database.


Higher-order and Symbolic Computation / Lisp and Symbolic Computation | 2008

Efficient and flexible access control via Jones-optimal logic program specialisation

Steven Barker; Michael Leuschel; Mauricio Varea

We describe the use of a flexible meta-interpreter for performing access control checks on deductive databases. The meta-program is implemented in Prolog and takes as input a database and an access policy specification. For processing access control requests we specialise the meta-program for a given access policy and database by using the logen partial evaluation system. The resulting specialised control checking program is dependent solely upon dynamic information that can only be known at the time of actual access request evaluation. In addition to describing our approach, we give a number of performance measures for our implementation of an access control checker. In particular, we show that by using our approach we get flexible access control with virtually no overhead, satisfying the Jones optimality criterion. The paper also shows how to satisfy the Jones optimality criterion more generally for interpreters written in the non-ground representation.


symposium on access control models and technologies | 2008

Access control by action control

Steven Barker

We address the problem of defining access control policies that may be used in the evaluation of requests made by client actors, in the course of e-trading, to perform actions on the resources maintained by an e-collective. An e-collective is a group of agents that may act individually or in conjunction with other agents to satisfy a client's request to act. Our principal contribution to this key problem is to define formally an access control model in terms of which policies may be specified for helping to ensure that only legitimate forms of client actions are performed in the course of engaging in e-trading. We call this model the action control model. In action control, the notion of intentional, empowered, authorized actions, that may be performed individualistically or jointly with other agents, and in a manner that is consistent with a group ethos, is the basis for specifying a set of permissives. A permissive is a generalization of the notion of a permission (as the latter term is usually interpreted in access control). In addition to the formal definition of the action control model, we give examples of action control policy specifications and we describe a candidate implementation and performance measures.


Electronic Notes in Theoretical Computer Science | 2009

Action Control by Term Rewriting

Steven Barker; Clara Bertolissi; Maribel Fernández

We address the problem of defining access control policies that may be used in the evaluation of requests made by client actors, in the course of e-trading, to perform actions on the resources maintained by an e-collective. An e-collective is a group of agents that may act individually or in conjunction with other agents to satisfy a client's request to act. Our principal contribution to this key problem is to define formally an access control model in terms of which policies may be specified for helping to ensure that only legitimate forms of client actions are performed in the course of engaging in e-trading. We call this model the action control model. In action control, the notion of intentional, empowered, authorized actions, that may be performed individually or jointly with other agents and in a manner that is consistent with a group ethos, is the basis for specifying a set of permissives. A permissive is a generalization of the notion of permission (as the latter term is usually interpreted in access control). We define our action control model as a term rewrite system and we give examples of access policy representation.


international conference on information technology coding and computing | 2004

Access policy specification for Web applications

Steven Barker

We show how access to Web resources may be controlled by using an access control program that implements a reactive agent. The agent reasons about the events, actions and a history (of events and actions) that relate to a user in order to make decisions about permitting the user to access information that is held on remote servers. The access control program is based on an abstract access control model that is formally specified as a clause form theory. Access policies may be efficiently implemented in a variety of practical languages.


Electronic Notes in Theoretical Computer Science | 2009

Event-oriented Web-based E-trading

Steven Barker; Gill Lowen

We address the problem of defining policies that may be used in the evaluation of requests made by client actors, in the course of web-based e-trading, to perform actions on the resources maintained by the server agents of an e-cooperative. An e-cooperative is a group of agents in cyberspace that may act individually or in conjunction with other agents to satisfy a client's request to act. Our principal contribution to this key problem is to define formally an event-oriented model in terms of which policies may be specified for helping to ensure that only legitimate forms of client actions are performed in the course of engaging in e-trading via the web. We call this model the Event-oriented Web-based E-trading (EWE) model. Policies defined in terms of the EWE model are used to specify a set of actions that client actors can perform as a consequence of the client having a particular status. We define the EWE model using a logic programming language and we give examples of web-based e-trading policy representation, validation and evaluation.


ITCC 2005 | 2005

International Conference on Information Technology : Coding and Computing

Paul Douglas; Steven Barker

Collaboration


Top Co-Authors

Paul Douglas

University of Westminster

Mauricio Varea

University of Southampton

Emil Lupu

Imperial College London

Gill Lowen

Royal Hampshire County Hospital
