A data structure for dynamic trees
Journal of Computer and System Sciences
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
A logic for reasoning about security
ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
Security in computing
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Fast Decision Procedures Based on Congruence Closure
Journal of the ACM (JACM)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Logic for Applications
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A logical reconstruction of SPKI
Journal of Computer Security - Special issue on CSFW14
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Understanding SPKI/SDSI using first-order logic
International Journal of Information Security
Journal of the ACM (JACM)
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An analysis of interoperability between licenses
Proceedings of the tenth annual ACM workshop on Digital rights management
Checking structural integrity for metadata repository systems by means of description logics
DASFAA'10 Proceedings of the 15th international conference on Database systems for advanced applications
Dealing with logical omniscience: Expressiveness and pragmatics
Artificial Intelligence
Security rules versus security properties
ICISS'10 Proceedings of the 6th international conference on Information systems security
A notation for policies using feature structures
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Specifying and verifying organizational security properties in first-order logic
Verification, induction termination analysis
Specifying and verifying organizational security properties in first-order logic
Verification, induction termination analysis
Logical approaches to authorization policies
Logic Programs, Norms and Action
An approach to the formal analysis of license interoperability
Computers and Electrical Engineering
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
Engineering access control policies for provenance-aware systems
Proceedings of the third ACM conference on Data and application security and privacy
Science of Computer Programming
| Hi-index | 0.00 |
A policy describes the conditions under which an action is permitted or forbidden. We show that a fragment of (multi-sorted) first-order logic can be used to represent and reason about policies. Because we use first-order logic, policies have a clear syntax and semantics. We show that further restricting the fragment results in a language that is still quite expressive yet is also tractable. More precisely, questions about entailment, such as “May Alice access the file?”, can be answered in time that is a low-order polynomial (indeed, almost linear in some cases), as can questions about the consistency of policy sets.