Results 1 - 10 of 27
An aspect-based approach to modeling access control concerns
- Information and Software Technology, 2004
- Cited by 19 (2 self)
Specifying, enforcing and evolving access control policies is essential to prevent security breaches and unavailability of resources. These access control design concerns impose requirements that allow only authorized users to access protected computer-based resources. Addressing these concerns in a design results in the spreading of access control functionality across several design modules. The pervasive nature of access control functionality makes it difficult to evolve, analyze, and enforce access control policies. To tackle this problem, we propose using an aspect-oriented modeling (AOM) approach for addressing access control concerns. In the AOM approach, functionality that addresses a pervasive access control concern is localized in an aspect. Other functional design concerns are addressed in a model of the application referred to as a primary model. Composing access control aspects with a primary model results in an application model that addresses access control concerns. We illustrate our approach using a form of Role-Based Access Control.
A compositional framework for access control policies enforcement
- In FMSE, 2003
- Cited by 17 (3 self)
Despite considerable number of work on authorization models, enforcing multiple policies is still a challenge in order to achieve the level of security required in many real-world systems. Moreover current approaches address security settings independently, and their incorporation into systems development lifecycle is not well understood. This paper presents a formal model for the specification of access control policies. The approach can handle the enforcement of multiple policies through policies composition. Temporal dependencies among authorizations can be formulated. Interval Temporal Logic (ITL) is our underlying formal framework and policies are modeled as safety properties expressing how authorizations are granted over time. The approach is compositional, and can be used to specify other system’s properties such as functional and temporal requirements. The use of a common formalism eases the integration of security requirements into system requirements so that they can be reasoned about uniformly throughout the development lifecycle. Furthermore specification of policies are executable in Tempura, a simulation tool for ITL.
Interactive access control for web services
- In Proceedings of the 19th IFIP International Information Security Conference (SEC 2004), 2004
- Cited by 16 (7 self)
Abstract Business Processes for Web Services (BPEL4WS) are the new paradigms for lightweight enterprise integration. They cross organizational boundaries and are provided by entities that see each other just as business partners. Web services require shift in the access control mechanism: from identity-based access control to trust management and negotiation, but this is not enough for cross organizational business processes. For many businesses no partner may guess a priori what kind of credentials will be sent by clients and clients may not know a priori which credentials are required for completing a business process. We propose a logical framework for reasoning about access control for BPEL4WS and a BPEL4WS based implementation using Collaxa server. Our model is based on interaction and exchange of requests for supplying or declining missing credentials. We identify the formal reasoning services (deduction, abduction, consistency checking) that characterise the problem and discuss their implementation.
Credential Based Access Control for Semantic Web Services
- American Association for Artificial Intelligence, 2004
- Cited by 14 (4 self)
In this paper we make a contribution to the proof and trust layer of the Semantic Web layer cake by integrating two well founded techniques, namely DAML-S (for describing Web services with machine-processable semantics) and SPKI/SDSI (for specifying authorization based access control). Our approach builds on the idea of autonomous granting of access rights and decision making based on independent trust structures. Our framework allows the specification of access control related and functionality related aspects in a unified way that is manageable and efficient. Therefore, our approach is useful not only in typical Web service based applications (client-server architecture) but also in peer to peer and agent based applications.
Encryption Policies for Regulating Access to Outsourced Data
- Cited by 12 (11 self)
Current access control models typically assume that resources are under the strict custody of a trusted party, which monitors each access request to verify if it is compliant with the specified access control policy. There are many scenarios where this approach is becoming no longer adequate. Many clear trends in Web technology are creating a need for owners of sensitive information to manage access to it by legitimate users using the services of honest but curious third parties, that is, parties trusted with providing the required service but not authorized to read the actual data content. In this scenario, the data owner encrypts the data before outsourcing and stores them at the server. Only the data owner and users with knowledge of the key will be able to decrypt the data. Possible access authorizations are to be enforced by the owner. In this paper, we address the problem of enforcing selective access on outsourced data without need of involving the owner in the access control process. The solution puts forward a novel approach that combines cryptography with authorizations, thus enforcing access control via selective encryption. The paper presents a formal model for access control management and illustrates how an authorization policy can be translated into an equivalent encryption policy while minimizing the amount of keys and cryptographic tokens to be managed. The paper also introduces a two-layer encryption
Interactive credential negotiation for stateful business processes
- In Proceedings of the Third International Conference on Trust Management (iTrust), 2005
- Cited by 10 (1 self)
Business Processes for Web Services are the new paradigm for lightweight enterprise integration. They cross organizational boundaries, are provided by entities that see each other just as business partners, and require access control mechanisms based on trust management. Stateful Business Processes, enforcing separation of duties or service limitations based on past or current usage, pose additional research challenges. Clients, which may not know the right set of credentials to supply to each partner, may end up in dead-ends and servers should help them find out what must be revoked and what missing is that grant access to a particular resource. We propose a logical framework and an interactive algorithm based on negotiation of credentials for access control that works for Stateful Business Processes. We show that our algorithm is sound (no grant is given to unauthorized clients), complete (authorized clients get grant) and resistant against DoS attempt.
Generalized xml security views
- In SACMAT, 2005
- Cited by 10 (1 self)
We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas [17] and later refined by Fan et al. [8]. The model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that can be used by users for query formulation and optimization. Then we show an algorithm to materialize “authorized” version of the document from the view and an algorithm to construct the view from an access control specification. We also propose a number of generalizations for security policies. Categories and Subject Descriptors: H.2.7 [Database Administration]: Security, integrity and protection—Access control
A Hybrid PKI Model with an Application for Secure Mediation
- In 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security, 2002
- Cited by 9 (3 self)
For distributed computing systems, specification and enforcement of permissions can be based on a public key infrastructure which deals with public keys for asymmetric cryptography. We review previous approaches and classify them as based on trusted authorities with licencing and dealing with free properties (characterizing attributes including identities), e.g. X.509, or based on owners with delegation dealing with bound properties (including capabilities), e.g. SPKI/SDSI. These approaches are extended and integrated into a hybrid model which uses protocols to convert free properties into bound properties. Furthermore we unify licencing and delegation by introducing administrative properties. The hybrid model is suitable for a wide range of applications requiring security policies for confidentiality and integrity. In the latter case appropriate challenge-response protocols are needed. Secure mediation is taken as an example for such applications.
E pluribus unum: Deduction, abduction and induction, the reasoning services for access control in autonomic communication
- In Proceedings of the 1st IFIP TC6 WG6.6 International Workshop on Autonomic Communication (WAC), 2004
- Cited by 3 (3 self)
Autonomic Communication is a new paradigm for dynamic network integration. An Autonomic Network crosses organizational boundaries and is provided by entities that see each other just as business partners. Policy-based network management already requires a paradigm shift in the access control mechanism (from identity-based access control to trust management and negotiation), but this is not enough for cross organizational autonomic communication. For many services no partner may guess a priori what credentials will be sent by clients and clients may not know a priori which credentials are required for completing a service requiring the orchestration of many different autonomic nodes. We propose a logical framework and a Web-Service based implementation for reasoning about access control for Autonomic Communication. Our model is based on interaction and exchange of requests for supplying or declining missing credentials. We identify the formal reasoning services that characterise the problem and sketch their implementation.
Composing Heterogenous Access Policies Between Organizations
- In Proceedings of the IADIS International Conference e-Society 2003, Lisbon/Portugal, June 3-6, 2003. International Association for Development of the Information Society, 2003
- Cited by 3 (2 self)
One crucial aspect of information technology for e-Society is security, where authorization is one of the three important factors, besides availability and integrity. During the past years Role-Based Access Control (RBAC) has been proven a sound method of modeling the authorization within an organization. Recently we introduced a novel distributed concept RBAC which is based on distributed generation and administration of access rules through distributed authorization spheres. In this approach called Modular Authorization, we were able to provide techniques for a decentralized definition of access policies, which are inherited along the organizational structure.

