Trilattice-Based Access Control Models: How to Secure Current Computer Network

2018 ◽ Vol 210 ◽ pp. 04053
Author(s): Mikhail M. Kucherov ◽ Nina A. Bogulskaya

Designing security in from the hardware level is essential to ensure the integrity of the intelligent cyber-physical infrastructure that is the Industrial Internet of Things (IIoT). If intelligent cyber-physical infrastructure fails to do the right things because it is insecure and vulnerable, then there will be negative social consequences [1]. Security is, in a sense, access control for IIoT systems, which increasingly relies on the ability to compose different policies. It is therefore an advantage for any policy-composition framework to be intuitive, formal, expressive, application-independent, and extensible to domain-specific instances. Recently, such a scheme was proposed based on the Belnap logic FOUR₂ [2]. The four values of the Belnap bilattice have been interpreted as grant, deny, conflict, or unspecified with respect to an access-control policy. Belnap's four-valued logic has found applications in various fields, such as deductive database theory, distributed logic programming, and other areas. However, it turns out that the truth order in FOUR₂ is a truth-and-falsity order at the same time [3]. The smallest lattice in which the orders of truth and falsity are independent of each other, which is especially important for security policy, is Shramko-Wansing's SIXTEEN₃. This generalization is well motivated and leads from the bilattice FOUR₂, with an information ordering and a truth-and-falsity ordering, to another algebraic structure, namely the trilattice SIXTEEN₃, with an information ordering together with a truth ordering and a (distinct) falsity ordering. Based on SIXTEEN₃ and new Boolean predicates to control access [4], we define an expressive access-control policy language whose composition statements are based on the statements of Shramko-Wansing's logic.
Natural orderings on policies are obtained by independently lifting the truth and falsity orders of the trilattice, which results in a query language in which conflict-freedom analysis can be developed. Reducing the formal verification of queries to verification of predicates over access requests makes it possible to carry out policy analysis. We evaluate our approach through examples of access-control model policies.

2011 ◽ Vol 225-226 ◽ pp. 848-851
Author(s): Ai Juan Zhang ◽ Jing Xiang Gao ◽ Cheng Ji

Distributed applications often require integrating the security policies of collaborating parties. The integration must be able to support complex authorization specifications and the fine-grained resource access requirements that the various parties may have. At present, however, security modeling is not considered a vital part of software development. This paper proposes integrating the design of access control policy into software development. UML is used to model the access control policy, and a framework is then designed to generate the resulting security model expressed in XACML and to verify that the policy is correct and complete.


2020 ◽ Vol 62 (3) ◽ pp. 1143-1159
Author(s): Qin Liu ◽ Tinghuai Ma ◽ Fan Xing ◽ Yuan Tian ◽ Alia Alabdulkarim ◽ ...
