Access Control: Policies, Models, and Mechanisms

Topics: Access control, Access Control Matrix, Access control list Pages: 60 (27400 words) Published: October 26, 2014
Access Control: Policies, Models, and
Pierangela Samarati1 and Sabrina de Capitani di Vimercati2

Dipartimento di Tecnologie dell’Informazione, Universit`
a di Milano
Via Bramante 65, 26013 Crema (CR), Italy
Dip. di Elettronica per l’Automazione, Universit`
a di Brescia
Via Branze 38, 25123 Brescia, Italy

Abstract. Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this chapter we investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration. We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation.



An important requirement of any information management system is to protect data and resources against unauthorized disclosure (secrecy) and unauthorized or improper modifications (integrity), while at the same time ensuring their availability to legitimate users (no denials-of-service). Enforcing protection therefore requires that every access to a system and its resources be controlled and that all and only authorized accesses can take place. This process goes under the name of access control . The development of an access control system requires the definition of the regulations according to which access is to be controlled and their implementation as functions executable by a computer system. The development process is usually carried out with a multi-phase approach based on the following concepts:

Security policy: it defines the (high-level) rules according to which access control must be regulated.1 1

Often, the term policy is also used to refer to particular instances of a policy, that is, actual authorizations and access restrictions to be enforced (e.g., Employees can read bulletin-board).

R. Focardi and R. Gorrieri (Eds.): FOSAD 2000, LNCS 2171, pp. 137–196, 2001. c Springer-Verlag Berlin Heidelberg 2001


Pierangela Samarati and Sabrina de Capitani di Vimercati

Security model: it provides a formal representation of the access control security policy and its working. The formalization allows the proof of properties on the security provided by the access control system being designed. Security mechanism: it defines the low level (software and hardware) functions that implement the controls imposed by the policy and formally stated in the model.

The three concepts above correspond to a conceptual separation between different levels of abstraction of the design, and provides the traditional advantages of multi-phase software development. In particular, the separation between policies and mechanisms introduces an independence between protection requirements to be enforced on the one side, and mechanisms enforcing them on the other. It is then possible to: i) discuss protection requirements independently of their implementation, ii) compare different access control policies as well as different mechanisms that enforce the same policy, and iii) design mechanisms able to enforce multiple policies. This latter aspect is particularly important: if a mechanism is tied to a specific policy, a change in the policy would require changing the whole access control system; mechanisms able to enforce multiple policies avoid this drawback. The formalization phase between the policy definition and its implementation...

References: 15:706–734, 1993. 173, 174
4. A. Aho, J. Hoperoft, and J. Ullman. The Design and Analysis of Computer Algorithms. Addison-Wesley, 1974. 143
Kluwer Academic Publishers, 1999. 161
Technical Report ESD-TR-278, vol. 3, The Mitre Corp., Bedford, MA, 1973. 152,
Bedford, MA, 1973. 152
14. E. Bertino, S. de Capitani di Vimercati, E. Ferrari, and P. Samarati. Exceptionbased information flow control in object-oriented systems. ACM Transactions on
Information and System Security (TISSEC), 1(1):26–65, 1998
Issues in Distributed and Mobile Object Systems. Springer Verlag – LNCS Stateof-the-Art series, 1998. 189
Gaithersburg, MD, 1985. 164
to composing access control policies. In Proc. of the Seventh ACM Conference on
Computer and Communications Security, Athens, Greece, 2000
22. D. F. C. Brewer and M. J. Nash. The Chinese Wall security policy. In Proc. IEEE
Symposium on Security and Privacy, pages 215–228, Oakland, CA, 1989
Addison-Wesley, 1995. 178
Access Control: Policies, Models, and Mechanisms
Trust management for Web applications. Computer Networks and ISDN Systems,
29(8–13):953–964, 1997
Standard, ISo/IEC 9075:1999, 1999. 177, 180, 181
(PODS), Philadelphia, CA, 1999. 156, 159
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Access Control Policy Essay
  • remote access control policy Essay
  • Essay about Access Control Policy
  • It 244 Access Control Policy Appendix F Essay
  • Access Control Policy Essay
  • Access Control Policy Essay
  • Essay on Access Control Policy
  • lab 8 Access Controls Essay

Become a StudyMode Member

Sign Up - It's Free