Decidability and expressiveness aspects of logic queries
PODS '87 Proceedings of the sixth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
The schematic protection model: its definition and analysis for acyclic attenuating schemes
Journal of the ACM (JACM)
Foundations of deductive databases and logic programming
Authorizations in relational database management systems
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Role-Based Access Control Models
Computer
Verification of relational tranducers for electronic commerce
PODS '00 Proceedings of the nineteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Automating first-order relational logic
SIGSOFT '00/FSE-8 Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of software engineering: twenty-first century applications
Protection in operating systems
Communications of the ACM
Relational transducers for electronic commerce
Journal of Computer and System Sciences - Special issue on the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on principles of database systems
The complexity of acyclic conjunctive queries
Journal of the ACM (JACM)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Decidable and Undecidable Fragments of First-Order Branching Temporal Logics
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
The CONTINUE Server (or, How I Administered PADL 2002 and 2003)
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Decidability of Safety in Graph-Based Models for Access Control
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
ACM SIGOPS Operating Systems Review
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
The complexity of relational query languages (Extended Abstract)
STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Efficient comparison of enterprise privacy policies
Proceedings of the 2004 ACM symposium on Applied computing
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Specification and verification of data-driven web services
PODS '04 Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
DynAlloy: upgrading alloy with actions
Proceedings of the 27th international conference on Software engineering
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Space-bounded reducibility among combinatorial problems
Journal of Computer and System Sciences
Verifying temporal heap properties specified via evolution logic
ESOP'03 Proceedings of the 12th European conference on Programming
Soutei, a logic-based trust-management system
FLOPS'06 Proceedings of the 8th international conference on Functional and Logic Programming
Rewriting-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Weaving rewrite-based access control policies
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
A rewriting framework for the composition of access control policies
Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
EON: modeling and analyzing dynamic access control systems with logic programs
Proceedings of the 15th ACM conference on Computer and communications security
Rewrite Based Specification of Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Termination of Priority Rewriting
LATA '09 Proceedings of the 3rd International Conference on Language and Automata Theory and Applications
On the Construction and Verification of Self-modifying Access Control Policies
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
Paralocks: role-based information flow control and beyond
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Distributed event-based access control
International Journal of Information and Computer Security
Formal engineering of XACML access control policies in VDM++
ICFEM'07 Proceedings of the formal engineering methods 9th international conference on Formal methods and software engineering
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
Component-based security policy design with colored Petri nets
Semantics and algebraic specification
Dynamic policy based model for trust based access control in P2P applications
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Analysis of privacy and security policies
IBM Journal of Research and Development
Security-typed programming within dependently typed programming
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
The state of the art in end-user software engineering
ACM Computing Surveys (CSUR)
Security rules versus security properties
ICISS'10 Proceedings of the 6th international conference on Information systems security
Semi-automatic synthesis of security policies by invariant-guided abduction
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
More than skin deep: measuring effects of the underlying model on access-control system usability
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Service Oriented Computing and Applications
Conformance checking of dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
A knowledge-based verification method for dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Enforcing stateful authorization and information flow policies in fine
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Formal specification and validation of security policies
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
A framework for the modular specification and orchestration of authorization policies
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Automated extraction of security policies from natural-language software documents
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Model checking agent knowledge in dynamic access control policies
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Model-based, event-driven programming paradigm for interactive web applications
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
Science of Computer Programming
Hi-index | 0.00 |
Access-control policies have grown from simple matrices to non- trivial specifications written in sophisticated languages. The increasing complexity of these policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these policies evaluate. We define a framework to represent the behavior of access-control policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued policies. We also define a notion of policy equivalence that is especially useful for modular reasoning.