In distributed computer systems, it is possible that the evaluation of an authorization policy may suffer unexpected failures, perhaps because a sub-policy cannot be evaluated or a sub-policy cannot be retrieved from some remote repository. Ideally, policy evaluation should be resilient to such failures and, at the very least, fail "gracefully" if no decision can be computed. We define syntax and semantics for an XACML-like policy language. The semantics are incremental and reflect different assumptions about the manner in which failures can occur. Unlike XACML, our language uses simple binary operators to combine sub-policy decisions. This enables us to characterize those few binary operators likely to be used in practice, and hence to identify a number of strategies for optimizing policy evaluation and policy representation.