A Proof Procedure for Data Dependencies
Journal of the ACM (JACM)
Logic for computer science: foundations of automatic theorem proving
Logic for computer science: foundations of automatic theorem proving
Role-Based Access Control Models
Computer
Chasing constrained tuple-generating dependencies
PODS '96 Proceedings of the fifteenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Formal specification for role based access control user/role and role/role relationship management
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Lattice-Based Access Control Models
Computer
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
ACM SIGOPS Operating Systems Review
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Role-Based Access Control
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Access Control Systems: Security, Identity Management and Trust Models
Access Control Systems: Security, Identity Management and Trust Models
Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
GEO-RBAC: A spatially aware RBAC
ACM Transactions on Information and System Security (TISSEC)
A Critique of the ANSI Standard on Role-Based Access Control
IEEE Security and Privacy
Beyond separation of duty: An algebra for specifying high-level security policies
Journal of the ACM (JACM)
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Privacy-Aware Role-Based Access Control
IEEE Security and Privacy
Minimal-change integrity maintenance using tuple deletions
Information and Computation
| Hi-index | 0.00 |
Access control is one of the most common and versatile mechanisms used for information systems security enforcement. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative has been proposed in the 90s, several access control models have been studied in the literature. An access control policy is an instance of a model. It defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect some high level organization requirements. First-order logic has been advocated for some time as a suitable framework for access control models. Many frameworks have been proposed, focusing mainly on expressing complex access control models. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we make a clear distinction by proposing a logical framework focusing primarily on constraints, while keeping as much as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures in order to enforce and check constraints. Without requiring any rewriting previous to the inference process, these procedures provide clean and intuitive debugging traces for administrators. This approach is a step toward bridging the gap between general but hard to maintain formalisms and effective but insufficiently general ones.