Comparison of policy specification languages for access control

Authors:
Sarnali Saha;Asmita Nag
Affiliations:
Jadavpur University, Jadavpur, Kolkata, India;Jadavpur University, Jadavpur, Kolkata, India
Venue:
Proceedings of the CUBE International Information Technology Conference
Year:
2012

Citing 6
Cited 0

Specification and Validation of a Security Policy Model

IEEE Transactions on Software Engineering
Tower: A Language for Role Based Access Control

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
The rcl 2000 language for specifying role-based authorization constraints

The rcl 2000 language for specifying role-based authorization constraints
Specifying and implementing security policies using lasco, the language for security constraints on objects

Specifying and implementing security policies using lasco, the language for security constraints on objects

Quantified Score

Hi-index	0.00

Visualization

Abstract

Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main characteristics for access control specification languages and make a comparison on the basis of those characteristics.