Access Control: Policies, Models, and Mechanisms
Pierangela Samarati¹ and Sabrina de Capitani di Vimercati²
¹ Dipartimento di Tecnologie dell’Informazione, Università di Milano
Via Bramante 65, 26013 Crema (CR), Italy samarati@dsi.unimi.it http://homes.dsi.unimi.it/~samarati
² Dip. di Elettronica per l’Automazione, Università di Brescia
Via Branze 38, 25123 Brescia, Italy decapita@ing.unibs.it http://www.ing.unibs.it/~decapita
Abstract. Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this chapter we investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration. We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation.
1 Introduction
An important requirement of any information management system is to protect data and resources against unauthorized disclosure (secrecy) and unauthorized or improper modifications (integrity), while at the same time ensuring their availability to legitimate users (no denials-of-service). Enforcing protection therefore requires that every access to a system and its resources be controlled and that all and only authorized accesses can take place. This process goes under the name of access control. The development of an access control system requires the definition of the regulations according to which access is to be controlled and their