Policies, models, and languages for access control

Authors:
Sabrina De Capitani di Vimercati;Pierangela Samarati;Sushil Jajodia
Affiliations:
DTI, Università di Milano, Crema, Italy;DTI, Università di Milano, Crema, Italy;George Mason University, Fairfax, VA
Venue:
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
Year:
2005

Citing 23
Cited 10

A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
Access control for collaborative environments

CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Referee: trust management for Web applications

World Wide Web Journal - Special issue: Web security: a matter of trust
Formal Models for Computer Security

ACM Computing Surveys (CSUR)
Sets and constraint logic programming

ACM Transactions on Programming Languages and Systems (TOPLAS)
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
A fine-grained access control system for XML documents

ACM Transactions on Information and System Security (TISSEC)
Introduction to Database Systems

Introduction to Database Systems
A uniform framework for regulating service access and information release on the web

Journal of Computer Security
Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

ACM Transactions on Information and System Security (TISSEC)
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
A Model for Evaluation and Administration of Security in Object-Oriented Databases

IEEE Transactions on Knowledge and Data Engineering
DATALOG with Constraints: A Foundation for Trust Management Languages

PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
A propositional policy algebra for access control

ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Requirements for Policy Languages for Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
SD3: A Trust Management System with Certified Evaluation

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A logic-based framework for attribute based access control

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Provisions and obligations in policy management and security applications

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Decentralized trust management

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Towards reasonability properties for access-control policy languages

Proceedings of the eleventh ACM symposium on Access control models and technologies
Rewriting-Based Access Control Policies

Electronic Notes in Theoretical Computer Science (ENTCS)
Weaving rewrite-based access control policies

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Patterns and Pattern Diagrams for Access Control

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
SecPAL: Design and semantics of a decentralized authorization language

Journal of Computer Security - Digital Identity Management (DIM 2007)
A generic XACML based declarative authorization scheme for java

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Usability confinement of server reactions: maintaining inference-proof client views by controlled interaction execution

DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Inference-usability confinement by maintaining inference-proof views of an information system

International Journal of Computational Science and Engineering
SecTTS: A secure track & trace system for RFID-enabled supply chains

Computers in Industry
Towards model-driven development of access control policies for web applications

Proceedings of the Workshop on Model-Driven Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and illustrate the main characteristics of access control solutions.