Christopher Alm’s research while affiliated with Hamburg University and other places


Publications (5)


Fig. 1. Integration of Authorization Service.  
Fig. 2. Comparison and Evaluation of Classification Objects.  
A Classification Framework Designed for Advanced Role-based Access Control Models and Mechanisms
  • Article
  • Full-text available

April 2012 · 97 Reads · 4 Citations

Christopher Alm · Michael Drouineaud · Ute Faltin · [...] · Ruben Wolf

Since its emergence in the early 1990s, role-based access control (RBAC) has gained more and more popularity. Its flexibility has been leading to a multitude of proposed access control models and mechanisms based on the role paradigm. They adapt RBAC according to the specific needs of specific settings, for example, by providing support for delegation of rights in workflow environments. The goal of this paper is to develop a holistic classification framework for such models and mechanisms. By using this framework, firstly, a comparison of different models and mechanisms can be achieved. Secondly, considering them from the perspective of the classification, requirements of a specific setting can be mapped onto a model or mechanism, once the existing models and mechanisms are classified. This is particularly helpful for security officers of organizations who need to evaluate different models and mechanisms. Finally, the framework assists designers of access control models by giving them a structured view on the properties such models can have. We apply the framework to BEA WebLogic Server, Adage, and X-GTRBAC.


Translating High-Level Authorization Constraints to XACML

July 2010 · 28 Reads · 7 Citations

XACML has become a standard access control policy language in web service environments. However, there is still no feasible solution for XACML policy administration and validation that overcomes the complexity and verbosity of XACML, in particular with regard to high-level access control principles such as history-based separation of duty. Hence, XACML policy management is still difficult and error-prone. In order to solve this problem, we present a translation approach from the high-level declarative access control policy language OPL to XACML. Thereby we can, on the one hand, handle the complexity of the administration of policies including advanced authorization constraints. On the other hand, we are able to keep an XACML based enforcement environment which may be already in place.


The OPL Access Control Policy Language

September 2009 · 25 Reads · 5 Citations · Lecture Notes in Computer Science

Existing policy languages suffer from a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required or it is necessary to use complicated and complex language constructs to express such concepts. The latter, however, is cumbersome and error-prone for humans dealing with policy administration. We present the flexible policy language OPL that can represent a wide range of access control principles in XML directly, by providing dedicated language constructs for each supported principle. It can be easily extended with further principles if necessary. OPL is based on a module concept, and it can easily cope with the language complexity that usually comes with a growing expressiveness. OPL is suitable to be used in an enterprise environment, since it combines the required expressiveness with the simplicity necessary for an appropriate administration.


An Extensible Framework for Specifying and Reasoning About Complex Role-Based Access Control Models

February 2009 · 17 Reads · 4 Citations

To date, no methodical approach has been found to integrate multiple access control extensions and concepts proposed for RBAC in an access control model that deals with the complexity of such a model and still leaves the model open for further extensions. As we know from the case studies of our research project [1], bringing together various access control concepts such as separation of duty, workflow-related concepts, and context constraints is necessary in real world scenarios such as in the health care sector and in the financial sector. To solve this problem, this report presents an extensible and flexible framework for the specification of complex RBAC models that is based on the modularization of access control concepts. Each concept is packed into a so-called authorization module and can then be reused and combined with other modules in order to specify a full access control model. The framework can be used to define new access control concepts rapidly and concisely as well as to explore and analyze them thoroughly. Furthermore, it is capable of delivering a policy data model for each generated access control model which can be used to develop an appropriate policy language. As a method we use formal, object-oriented specification in the Object-Z notation. In particular, we demonstrate how formal reasoning can be applied in order to provide an in-depth analysis of the specification.


The definition of the OPL access control policy language

16 Reads · 3 Citations

Existing policy languages suffer from having a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty, binding of duty, context constraints, Chinese wall, and obligations. Furthermore, it is often difficult to extend a language in order to retrofit these features once required or it is necessary to make use of complicated and complex language constructs to express a concept. In particular, the latter may cause human mistakes in the policy administration. To address this problem, this report introduces a flexible, new policy language. The full language specification is given including a formal semantics written in Object Z and a formal syntax defined in XML. OPL can represent a wide range of access control principles directly by providing dedicated XML tags for each supported principle. It can be easily extended with further principles if necessary. Since OPL is based on a module concept, it can cope with the language complexity that usually comes with a growing expressiveness. Altogether OPL is suitable to be used in an enterprise environment: it combines the required expressiveness with the simplicity necessary for an appropriate administration. A considerable reference scenario is included in this report.

Citations (5)


... Another work [FAl09] has developed a framework for the specification of complex RBAC models. It is based on the modularization of the participating access control concepts. ...

Reference:

Verification and test of interoperability security policies
An Extensible Framework for Specifying and Reasoning About Complex Role-Based Access Control Models
  • Citing Article
  • February 2009

... Karjoth et al. [2008] converted a vendor-specific policy format to XACML that included ACLs. Alm and Illig [2010] translated complex policies such as 'Role-Based Access Control' and 'Separation of Duty'. Brucker et al. [2012] demonstrated how role-based access control, separation of duty, and binding of duty requirements can be specified in SecureBPMN and then automatically translated into XACML policies and enforced by one or more generated PEPs. ...

Translating High-Level Authorization Constraints to XACML
  • Citing Conference Paper
  • July 2010

... Access policy languages [7], [16], [24], [34], [46], [48] enable the codification and re-use of access policies while decoupling them from the deployed access control systems. Furthermore, policy languages offer a higher level of abstraction that facilitates the design of policies without requiring concrete insights into the implementation of the underlying access control system. ...

The OPL Access Control Policy Language
  • Citing Conference Paper
  • September 2009

Lecture Notes in Computer Science