Foundations of logic programming; (2nd extended ed.)
Foundations of logic programming; (2nd extended ed.)
Towards a theory of declarative knowledge
Foundations of deductive databases and logic programming
On the declarative semantics of deductive databases and logic programs
Foundations of deductive databases and logic programming
The alternating fixpoint of logic programs with negation
PODS '89 Proceedings of the eighth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Theoretical Computer Science
Access control for collaborative environments
CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Authorizations in relational database management systems
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Stable and extension class theory for logic programs and default logics
Journal of Automated Reasoning
Database security
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Argos—a configurable access control system for interoperable environments
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
An Efficient Unification Algorithm
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Temporal Access Control Mechanism for Database Systems
IEEE Transactions on Knowledge and Data Engineering
Rights in an Object-Oriented Environment
Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
Computing Well-founded Semantics Faster
LPNMR '95 Proceedings of the Third International Conference on Logic Programming and Nonmonotonic Reasoning
An Authorization Model and Its Formal Semantics
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Assuring Distributed Trusted Mach
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Policy algebras for access control: the propositional case
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
An authorization model for a public key management service
ACM Transactions on Information and System Security (TISSEC)
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
An access control model for data archives
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Policy algebras for access control the predicate case
Proceedings of the 9th ACM conference on Computer and communications security
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Controlling Access to XML Documents
IEEE Internet Computing
E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
A Uniform Model for Authorization and Access Control in Enterprise Information Platform
EDCIS '02 Proceedings of the First International Conference on Engineering and Deployment of Cooperative Information Systems
XML-Based Distributed Access Control System
EC-WEB '02 Proceedings of the Third International Conference on E-Commerce and Web Technologies
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Well-Founded Optimism: Inheritance in Frame-Based Knowledge Bases
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
An approach to engineer and enforce context constraints in an RBAC environment
Proceedings of the eighth ACM symposium on Access control models and technologies
Access control: principles and solutions
Software—Practice & Experience - Special issue: Security software
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
CRPIT '14 Proceedings of the IEEE international conference on Privacy, security and data mining - Volume 14
Recent advances in access control models
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Subject switching algorithms for access control in federated databases
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A System to Specify and Manage Multipolicy Access Control Models
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Removing permissions in the flexible authorization framework
ACM Transactions on Database Systems (TODS)
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
Virtual enterprise access control requirements
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
On the role of roles: from role-based to role-sensitive access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Efficient and flexible access control via logic program specialisation
Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
authUML: a three-phased framework to analyze access control specifications in use cases
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Enterprise privacy promises and enforcement
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
An Authorization Model for Geospatial Data
IEEE Transactions on Dependable and Secure Computing
Composing and combining policies under the policy machine
Proceedings of the tenth ACM symposium on Access control models and technologies
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Requirements traceability to support evolution of access control
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Maintaining privacy on derived objects
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Formal model and policy specification of usage control
ACM Transactions on Information and System Security (TISSEC)
Supporting location-based conditions in access control policies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Secure resource description framework: an access control model
Proceedings of the eleventh ACM symposium on Access control models and technologies
Redirection policies for mission-based information sharing
Proceedings of the eleventh ACM symposium on Access control models and technologies
Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents
IEEE Transactions on Knowledge and Data Engineering
Modality conflicts in semantics aware access control
ICWE '06 Proceedings of the 6th international conference on Web engineering
IPAC: an interactive approach to access control for semi-structured data
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
An extended RBAC profile of XACML
Proceedings of the 3rd ACM workshop on Secure web services
Information and Software Technology
Compact access control labeling for efficient secure XML query evaluation
Data & Knowledge Engineering
Access control in collaborative commerce
Decision Support Systems
A framework for decentralized access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Managing RBAC states with transitive relations
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Access control and audit model for the multidimensional modeling of data warehouses
Decision Support Systems
A framework for enforcing application policies in database systems
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
A note on the formalisation of UCON
Proceedings of the 12th ACM symposium on Access control models and technologies
Proceedings of the 12th ACM symposium on Access control models and technologies
Rewriting-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
High Level Conflict Management Strategies in Advanced Access Control Models
Electronic Notes in Theoretical Computer Science (ENTCS)
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Improving the Usability of E-Commerce Applications using Business Processes
IEEE Transactions on Software Engineering
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Weaving rewrite-based access control policies
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Secure XML publishing without information leakage in the presence of data inference
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Over-encryption: management of access control evolution on outsourced data
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
A Trust- and Property-based Access Control Model
Electronic Notes in Theoretical Computer Science (ENTCS)
Information and Computation
Access control policies and languages
International Journal of Computational Science and Engineering
Knowledge sharing in virtual enterprises via an ontology-based access control approach
Computers in Industry
Access control by action control
Proceedings of the 13th ACM symposium on Access control models and technologies
Using First-Order Logic to Reason about Policies
ACM Transactions on Information and System Security (TISSEC)
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
Efficient and flexible access control via Jones-optimal logic program specialisation
Higher-Order and Symbolic Computation
Applying component-based design to self-protection of ubiquitous systems
Proceedings of the 3rd ACM workshop on Software engineering for pervasive services
A rewriting framework for the composition of access control policies
Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
ACM Transactions on Information and System Security (TISSEC)
Towards Modal Logic Formalization of Role-Based Access Control with Object Classes
FORTE '07 Proceedings of the 27th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
Access Control for XML Document
IEA/AIE '08 Proceedings of the 21st international conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems: New Frontiers in Applied Artificial Intelligence
Regulating Exceptions in Healthcare Using Policy Spaces
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Securing Workflows with XACML, RDF and BPEL
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Query Rewriting for Access Control on Semantic Web
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
A Robust Sampling-Based Framework for Privacy Preserving OLAP
DaWaK '08 Proceedings of the 10th international conference on Data Warehousing and Knowledge Discovery
Flexible Resolution of Authorisation Conflicts in Distributed Systems
DSOM '08 Proceedings of the 19th IFIP/IEEE international workshop on Distributed Systems: Operations and Management: Managing Large-Scale Service Deployment
Towards the development of privacy-aware systems
Information and Software Technology
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Security and privacy for geospatial data: concepts and research directions
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
DRM policies for web map service
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Consistency checking of role assignments in inter-organizational collaboration
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Authorization and Obligation Policies in Dynamic Systems
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Information and Software Technology
Action Control by Term Rewriting
Electronic Notes in Theoretical Computer Science (ENTCS)
Analysis of Rewrite-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
The next 700 access control models or a unifying meta-model?
Proceedings of the 14th ACM symposium on Access control models and technologies
Privacy preservation of aggregates in hidden databases: why and how?
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
An XACML-based privacy-centered access control system
Proceedings of the first ACM workshop on Information security governance
Privacy-preserving similarity-based text retrieval
ACM Transactions on Internet Technology (TOIT)
Towards an Approach of Semantic Access Control for Cloud Computing
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Nonmonotonic Trust Management for P2P Applications
Electronic Notes in Theoretical Computer Science (ENTCS)
Distributed event-based access control
International Journal of Information and Computer Security
XML-based access control languages
Information Security Tech. Report
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
A logic for authorization provenance
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Formalization of RBAC policy with object class hierarchy
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Dynamic event-based access control as term rewriting
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Data privacy - problems and solutions
ICISS'07 Proceedings of the 3rd international conference on Information systems security
A unified conflict resolution algorithm
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Answering queries based on imprecision and uncertainty trade-offs in numeric databases
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Modeling of the role-based access control policy with constraints using description logic
ICCSA'07 Proceedings of the 2007 international conference on Computational science and its applications - Volume Part I
Component-based security policy design with colored Petri nets
Semantics and algebraic specification
A framework towards enhancing trust and authorisation for e-commerce service
International Journal of Internet Technology and Secured Transactions
Access control policies for semantic networks
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
Security-driven model-based dynamic adaptation
Proceedings of the IEEE/ACM international conference on Automated software engineering
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Model checking of location and mobility related security policy specifications in ambient calculus
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition
ACM Transactions on Information and System Security (TISSEC)
Protecting critical infrastructures while preserving each organization's autonomy
ICDCIT'11 Proceedings of the 7th international conference on Distributed computing and internet technology
Journal of Systems Architecture: the EUROMICRO Journal
A logic program solution for conflict authorizations
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
A semantic privacy-preserving model for data sharing and integration
Proceedings of the International Conference on Web Intelligence, Mining and Semantics
Rumpole: a flexible break-glass access control model
Proceedings of the 16th ACM symposium on Access control models and technologies
Refinement of history-based policies
Logic programming, knowledge representation, and nonmonotonic reasoning
Journal of Computer and System Sciences
History-dependent inference control of queries by dynamic policy adaption
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Socially constructed trust for distributed authorization
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Modularisation in maude of parametrized RBAC for row level access control
ADBIS'11 Proceedings of the 15th international conference on Advances in databases and information systems
From ASTD access control policies to WS-BPEL processes deployed in a SOA environment
WISS'10 Proceedings of the 2010 international conference on Web information systems engineering
Privacy of data outsourced to a cloud for selected readers through client-side encryption
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Rewrite specifications of access control policies in distributed environments
STM'10 Proceedings of the 6th international conference on Security and trust management
Towards flexible credential negotiation protocols
Proceedings of the 11th international conference on Security Protocols
Creating objects in the flexible authorization framework
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Consolidating the access control of composite applications and workflows
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Term rewriting for access control
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
An algebra for enterprise privacy policies closed under composition and conjunction
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Analysis and run-time verification of dynamic security policies
DAMAS'05 Proceedings of the 2005 international conference on Defence Applications of Multi-Agent Systems
λ-RBAC: programming with role-based access control
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
The architecture of a privacy-aware access control decision component
CASSIS'05 Proceedings of the Second international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
An authorization framework for sharing data in web service federations
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
A formalization of distributed authorization with delegation
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Survey Paper: A survey on policy languages in network and security management
Computer Networks: The International Journal of Computer and Telecommunications Networking
Development and runtime support for situation-aware security in autonomic computing
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
An OWL-Based approach for RBAC with negative authorization
KSEM'06 Proceedings of the First international conference on Knowledge Science, Engineering and Management
A relational database integrity framework for access control policies
Journal of Intelligent Information Systems
Policies, models, and languages for access control
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
SEM'04 Proceedings of the 4th international conference on Software Engineering and Middleware
Information release control: a learning-based architecture
Journal on Data Semantics II
Enforcing semantics-aware security in multimedia surveillance
Journal on Data Semantics II
Secure model management operations for the web
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Specifying distributed authorization with delegation using logic programming
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
A logic based approach for dynamic access control
AI'04 Proceedings of the 17th Australian joint conference on Advances in Artificial Intelligence
A flexible authorization framework for e-commerce
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Automatic enforcement of access control policies among dynamic coalitions
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
A new approach for conflict resolution of authorization
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
Modeling social and individual trust in requirements engineering methodologies
iTrust'05 Proceedings of the Third international conference on Trust Management
Security checker architecture for policy-based security management
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A cryptographic solution for general access control
ISC'05 Proceedings of the 8th international conference on Information Security
Representation and reasoning on RBAC: a description logic approach
ICTAC'05 Proceedings of the Second international conference on Theoretical Aspects of Computing
Hybrid authorizations and conflict resolution
SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
Modeling and inferring on role-based access control policies using data dependencies
DEXA'06 Proceedings of the 17th international conference on Database and Expert Systems Applications
Inheritance in rule-based frame systems: semantics and inference
Journal on Data Semantics VII
Unauthorized inferences in semistructured databases
Information Sciences: an International Journal
Privacy in the electronic society
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Category-Based authorisation models: operational semantics and expressive power
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
ICISS'05 Proceedings of the First international conference on Information Systems Security
Validation of policy integration using alloy
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Securing information gateways with derivation-constrained access control
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
Datalog for security, privacy and trust
Datalog'10 Proceedings of the First international conference on Datalog Reloaded
Towards law-aware semantic cloud policies with exceptions for data integration and protection
Proceedings of the 2nd International Conference on Web Intelligence, Mining and Semantics
Logical approaches to authorization policies
Logic Programs, Norms and Action
Decentralized governance of distributed systems via interaction control
Logic Programs, Norms and Action
Automated and efficient analysis of role-based access control with attributes
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A unified attribute-based access control model covering DAC, MAC and RBAC
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Pragmatic XML access control using off-the-shelf RDBMS
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A role-based administration model for attributes
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
DEAL: A Distributed Authorization Language for Ambient Intelligence
International Journal of Ambient Computing and Intelligence
A formal role-based access control model for security policies in multi-domain mobile networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Access Control on Semantic Web Data Using Query Rewriting
International Journal of Organizational and Collective Intelligence
Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments
International Journal of Systems and Service-Oriented Engineering
Model-driven adaptive delegation
Proceedings of the 12th annual international conference on Aspect-oriented software development
A modal logic for information system security
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Verification and enforcement of access control policies
Formal Methods in System Design
Dynamic policy adaptation for inference control of queries to a propositional information system
Journal of Computer Security - DBSec 2011
Formal specification and management of security policies with collective group obligations
Journal of Computer Security
| Hi-index | 0.00 |
Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can actually be applied within a given system. In this paper, we present a unified framework that can enforce multiple access control policies within a single system. The framework is based on a language through which users can specify security policies to be enforced on specific accesses. The language allows the specification of both positive and negative authorizations and incorporates notions of authorization derivation, conflict resolution, and decision strategies. Different strategies may be applied to different users, groups, objects, or roles, based on the needs of the security policy. The overall result is a flexible and powerful, yet simple, framework that can easily capture many of the traditional access control policies as well as protection requirements that exist in real-world applications, but are seldom supported by existing systems. The major advantage of our approach is that it can be used to specify different access control policies that can all coexist in the same system and be enforced by the same security server.