A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems
Communications of the ACM
A logical framework for reasoning about access control models
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
Security Engineering of Lattice-Based Policies
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A State-Transition Model of Trust Management and Access Control
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Comparing the expressive power of access control models
Proceedings of the 11th ACM conference on Computer and communications security
Using First-Order Logic to Reason about Policies
ACM Transactions on Information and System Security (TISSEC)
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
On a formal framework for security properties
Computer Standards & Interfaces
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Abstractions preserving parameter confidentiality
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Flow based interpretation of access control: detection of illegal information flows
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Formal specification and validation of security policies
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Hi-index | 0.00 |
There exist many approaches to specify and to define security policies. We present here a framework in which the basic components of security policies can be expressed, and we identify their role in the description of a policy, of a system and of a secure system. In this setting, we formally describe two approaches to define policies, and we relate them: the rule-based approach consists of specifying the conditions under which an action is granted and, the property-based approach consists of specifying the security properties the policy aims to enforce. We also show how a policy can be applied to constrain an existing system, and how a secure system can be defined from a security policy.