Bilattices and the semantics of logic programming
Journal of Logic Programming
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
The structure of typed programming languages
The structure of typed programming languages
Foundations of programming languages
Foundations of programming languages
Artificial Intelligence
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The role of trust management in distributed systems security
Secure Internet programming
Cisco IOS access lists
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A Discipline of Programming
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Computer
The Process of Inconsistency Management: A Framework for Understanding
DEXA '99 Proceedings of the 10th International Workshop on Database & Expert Systems Applications
A Logical Reconstruction of SPKI
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A model-based approach to integrating security policies for embedded devices
Proceedings of the 4th ACM international conference on Embedded software
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Defeasible security policy composition for web services
Proceedings of the fourth ACM workshop on Formal methods in security
Role-Based Access Control, Second Edition
Role-Based Access Control, Second Edition
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Formal correctness of conflict detection for firewalls
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
D-algebra for composing access control policy decisions
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Relationship-based access control: its expression and enforcement through hybrid logic
Proceedings of the second ACM conference on Data and Application Security and Privacy
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
On protection in federated social computing systems
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Access control to IT systems increasingly relies on the ability to compose policies. Hence there is benefit in any framework for policy composition that is intuitive, formal (and so “analyzable” and “implementable”), expressive, independent of specific application domains, and yet able to be extended to create domain-specific instances. Here we develop such a framework based on Belnap logic. An access-control policy is interpreted as a four-valued predicate that maps access requests to either grant, deny, conflict, or unspecified -- the four values of the Belnap bilattice. We define an expressive access-control policy language PBel, having composition operators based on the operators of Belnap logic. Natural orderings on policies are obtained by lifting the truth and information orderings of the Belnap bilattice. These orderings lead to a query language in which policy analyses, for example, conflict freedom, can be specified. Policy analysis is supported through a reduction of the validity of policy queries to the validity of propositional formulas on predicates over access requests. We evaluate our approach through firewall policy and RBAC policy examples, and discuss domain-specific and generic extensions of our policy language.