Designing flexible access control models for the cloud
Proceedings of the 6th International Conference on Security of Information and Networks
Several formal access control models are known in the literature, such as DAC, MAC, and RBAC. However, these models cannot meet the new security requirements of flexible and dynamic environments, which necessitate a combination of elements of these models in order to properly express varied data protection needs. In this paper, we present a new method for the specification of access control systems. The method makes it possible to design an access control system specific to the high-level policy of an organization. The method is based on a generic UML meta-model of access control called CatBAC (Category Based Access Control), together with a refinement process for the extraction of security requirements from high-level policies. Based on the category concept, the CatBAC meta-model allows hybrid access control policies to be specified.