Statecharts: A visual formalism for complex systems
Science of Computer Programming
A General Theory of Composition for a Class of "Possibilistic" Properties
IEEE Transactions on Software Engineering
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Journal of the ACM (JACM)
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Logic For State Transformations in Authorization Policies
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Language-Based Security
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
Policy algebras for access control the predicate case
Proceedings of the 9th ACM conference on Computer and communications security
Describing Policies with Graph Constraints and Rules
ICGT '02 Proceedings of the First International Conference on Graph Transformation
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
A Unified Scheme for Resource Protection in Automated Trust Negotiation
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Recent advances in access control models
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
ACM Transactions on Information and System Security (TISSEC)
D-algebra for composing access control policy decisions
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Practical declarative network management
Proceedings of the 1st ACM workshop on Research on enterprise networking
An algebra for enterprise privacy policies closed under composition and conjunction
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
| Hi-index | 0.00 |
Although different organizations operate under different requirements for protection of their data, increasingly there is a need for organizations to connect their computing resources together to achieve common goals. The fundamental problem addressed in this paper is to capture the algebra used in composing access control policies of collaborating organizations. In doing so, we seek a framework that can be viewed at many levels of abstraction (such as abstract vs. explicit or propositional vs. predicate), independent of implementation mechanisms and environments, and is expressive enough to model existing practices of policy compositions.Propositional version consists of a syntax where policies are viewed as abstract symbols, and semantics consists of authorization state transformers, where an authorization state is a collection of (subject, object, access set) triples and a set of propositions satisfied by them. Syntactic rules are provided to simplify policy expressions without knowing their semantics, thereby supporting algebraic manipulations of uninterpreted policies. Because our algebra is at an abstract level, it can model any policy independent of the language that is used to implement it. We show how to reason about completeness, consistency, unambiguity and of abstractly specified policies and their semantic equivalence.