Role-Based Access Control Models
Computer
Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1
Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Protection in operating systems
Communications of the ACM
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A uniform framework for regulating service access and information release on the web
Journal of Computer Security
CASL: the common algebraic specification language
Theoretical Computer Science
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Rewriting Logic as a Unifying Framework for Petri Nets
Unifying Petri Nets, Advances in Petri Nets
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
Dynamic access control through Petri net workflows
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Analyzing consistency of security policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Verifying Enterprise 's Mandatory Access Control Policies with Coloured Petri Nets
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
An Approach for Modeling and Analysis of Security System Architectures
IEEE Transactions on Knowledge and Data Engineering
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Nomad: A Security Model with Non Atomic Actions and Deadlines
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Driving and Monitoring Provisional Trust Negotiation with Metapolicies
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
A Role-Based Access Control Policy Verification Framework for Real-Time Systems
WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Towards reasonability properties for access-control policy languages
Proceedings of the eleventh ACM symposium on Access control models and technologies
Modeling Chinese Wall Policy Using Colored Petri Nets
CIT '06 Proceedings of the Sixth IEEE International Conference on Computer and Information Technology
Defeasible security policy composition for web services
Proceedings of the fourth ACM workshop on Formal methods in security
Verification of Strict Integrity Policy via Petri Nets
ICSNC '06 Proceedings of the International Conference on Systems and Networks Communication
Algorithms and Reductions for Rewriting Problems
Fundamenta Informaticae
The Confluence Property for Petri Nets and its Applications
SYNASC '06 Proceedings of the Eighth International Symposium on Symbolic and Numeric Algorithms for Scientific Computing
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Weaving rewrite-based access control policies
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
A rewriting framework for the composition of access control policies
Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
A Formal Comparison of the Bell & LaPadula and RBAC Models
IAS '08 Proceedings of the 2008 The Fourth International Conference on Information Assurance and Security
Rewrite Based Specification of Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Analysis of Rewrite-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
ICATPN'00 Proceedings of the 21st international conference on Application and theory of petri nets
Towards security and privacy for pervasive computing
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Term rewriting for access control
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Trust in LORA: towards a formal definition of trust in BDI agents
KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Component-based description of programming languages
VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.00 |
Security policies are one of the most fundamental elements of computer security. This paper uses colored Petri net process (CPNP) to specify and verify security policies in a modular way. It defines fundamental policy properties, i.e., completeness, termination, consistency and confluence, in Petri net terminology and gets some theoretical results. According to XACML combiners and property-preserving Petri net process algebra (PPPA), several policy composition operators are specified and property-preserving results are stated for the policy correctness verification.