Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
Role-Based Access Control Models
Computer
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Term rewriting and all that
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Access Control for Deductive Databases by Logic Programming
ICLP '02 Proceedings of the 18th International Conference on Logic Programming
LUPS - A Language for Updating Logic Programs
LPNMR '99 Proceedings of the 5th International Conference on Logic Programming and Nonmonotonic Reasoning
A State-Transition Model of Trust Management and Access Control
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
A theory for comparing the expressive power of access control models
Journal of Computer Security
Analysis of Rewrite-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Tom: piggybacking rewriting on java
RTA'07 Proceedings of the 18th international conference on Term rewriting and applications
All about maude - a high-performance logical framework: how to specify, program and verify systems in rewriting logic
Security rules versus security properties
ICISS'10 Proceedings of the 6th international conference on Information systems security
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
| Hi-index | 0.00 |
We propose a formal framework for the specification and validation of security policies. To model a secured system, the evolution of security information in the system is described by transitions triggered by authorization requests and the policy is given by a set of rules describing the way the corresponding decisions are taken. Policy rules are constrained rewrite rules whose constraints are first-order formulas on finite domains, which provides enhanced expressive power compared to classical security policy specification approaches like the ones using Datalog, for example. Our specifications have an operational semantics based on transition and rewriting systems and are thus executable. This framework also provides a common formalism to define, compare and compose security systems and policies. We define transformations over secured systems in order to perform validation of classical security properties.