Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Role-Based Access Control
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
A Lightweight Container Architecture for Runtime Verification
Runtime Verification
Comparison of model checking tools for information systems
ICFEM'10 Proceedings of the 12th international conference on Formal engineering methods and software engineering
Hi-index | 0.00 |
Information systems are widely used and help in the management of huge quantities of data. Generally, these data are valuable or sensitive, their access must be restricted to granted users. Security is a mandatory requirement for information systems. Several methods already exist to express access control policies, but few of them, like eb3sec, support all kinds of constraints that can be defined in access control policies. In this paper, we present how to use eb3sec to express two kinds of access control constraints : permissions and prohibitions. Once, constraints are expressed, we provide algorithms to verify that the model of the policy do not lead to deadlock.