A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
A modal deconstruction of access control logics
FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
A privacy preservation model for facebook-style social network systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Relationship-based access control: protection model and policy language
Proceedings of the first ACM conference on Data and application security and privacy
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition
ACM Transactions on Information and System Security (TISSEC)
Relationship-based access control policies and their policy languages
Proceedings of the 16th ACM symposium on Access control models and technologies
Preventing Sybil Attacks by Privilege Attenuation: A Design Principle for Social Network Systems
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
A user-to-user relationship-based access control model for online social networks
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
Relational abstraction in community-based secure collaboration
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Relationship-based information sharing in cloud-based decentralized social networks
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Access control policy is typically defined in terms of attributes, but in many applications it is more natural to define permissions in terms of relationships that resources, systems, and contexts may enjoy. The paradigm of relationship-based access control has been proposed to address this issue, and modal logic has been used as a technical foundation. We argue here that hybrid logic -- a natural and well-established extension of modal logic -- addresses limitations in the ability of modal logic to express certain relationships. We identify a fragment of hybrid logic to be used for expressing relationship-based access-control policies, show that this fragment supports important policy idioms, and demonstrate that it removes an exponential penalty in existing attempts of specifying complex relationships such as "at least three friends". We also capture the previously studied notion of relational policies in a static type system.