Overview

Providing interoperation among different information systems while preserving the security requirements of individual components led to the development of flexible access control models such as logic-based languages. The current studies however, do not provide methodology to translate existing access control models into the language framework. This research concentrates on techniques to translate existing access control specifications to a previously developed logic-based language. This includes methods to automatically translate Access Control Lists and Bell-LaPadula models into Authorization Specification Language (ASL) statements. These types of translations are clearly needed to ensure a unified framework for access control management. Manual translations are inefficient and prone to errors. One requirement for this study is the development of algorithms to automate the translation process while preserving the access control requirements of the original systems.

Existing authorization models enforce a particular access control policy and may not be flexible enough to encapsulate all the security requirements of a given system. This study includes the two most widely used access control models, Access Control List and Bell-LaPadula model. The aim was not to modify the Authorization Specification Language predicates, but to develop a set of actions and rules to enable the desired transformations. Automated Policy Translation Architecture (APTA) is designed to translate Access Control List and Bell-LaPadula specifications into Authorization Specification Language statements. APTA takes the already existing security policies and transmits them to the appropriate Automated Translation Module (ATM), depending on the type of the original policy definition. The ATMs perform the necessary steps to create a corresponding ASL specification of the original policy. The technical contribution of this study is the development of algorithms that led to formal transformation rules for both models previously mentioned. While the translation from ACL to ASL is straightforward, the translation from BLP to ASL, that ensures that both BLP axioms are satisfied, is a substantially harder problem. To closely mimic the Bell-La Padula axioms this model defines for each security label two associated roles: one for read and one for write. This solution was ascertained by the differences in the read/write policies defined by the BLP model, namely “read down” and “write up”.

Future research

The Automated Policy Translation (APTA) model was designed to translate Access Control List and Bell-LaPadula specifications into Authorization Specification Language. APTA takes the already existing security policies and generate the corresponding ASL specification of the original policy. Currently APTA incorporates ATMs for ACL and BLP policies, not fully taking advantage of the expressiveness of ASL. The efficiency and simplicity of these translations make APTA suitable for real-world applications. Future plans to extend APTA include developing ATMs for role based and provisional access control models. In addition, an interesting research problem would be to analyze the dynamic behavior of existing translation systems. The current model guarantees that the security requirements of the original systems are satisfied at the time of the translations. However, no mechanism has been developed to ensure that future changes to the generated ASL will not violate the original security requirements.

Links: C. Farkas, A. Stoica, P. Talekar, Automated Policy Translation, Proceedings of CCCT 2003