In this paper we show how access control policies can be specified using a general metamodel whose operational semantics is based on term rewriting systems. The choice of specification language is intended to ease verification, since essential properties of access control (e.g. every request by an individual to access a resource always receives an answer, and this answer is unique) can be formalized and proved using rewriting techniques. We show that automated analysis of rewrite-based security policies can be done using the CiME rewriting tool, which is able to produce mechanically checkable traces of security policy properties, for instance through the Coq proof assistant.