Foundations of logic programming
Foundations of logic programming
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Elements of relational database theory
Handbook of theoretical computer science (vol. B)
Access control for collaborative environments
CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the eleventh international conference on Logic programming
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Design and implementation of an access control processor for XML documents
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Lattice-Based Access Control Models
Computer
A Logic-based Knowledge Representation for Authorization with Delegation
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Reasoning with Open Logic Programs
LPNMR '01 Proceedings of the 6th International Conference on Logic Programming and Nonmonotonic Reasoning
Virtual enterprise access control requirements
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
Towards a credential-based implementation of compound access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
X-gtrbac admin: A decentralized administration model for enterprise-wide access control
ACM Transactions on Information and System Security (TISSEC)
Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents
IEEE Transactions on Knowledge and Data Engineering
A method for access authorisation through delegation networks
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Beyond separation of duty: an algebra for specifying high-level security policies
Proceedings of the 13th ACM conference on Computer and communications security
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
User centricity: A taxonomy and open issues
Journal of Computer Security - The Second ACM Workshop on Digital Identity Management - DIM 2006
Beyond separation of duty: An algebra for specifying high-level security policies
Journal of the ACM (JACM)
A rewriting framework for the composition of access control policies
Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
ACM Transactions on Information and System Security (TISSEC)
Regulating Exceptions in Healthcare Using Policy Spaces
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Run-Time Enforcement of Nonsafety Policies
ACM Transactions on Information and System Security (TISSEC)
A security policy language for wireless sensor networks
Journal of Systems and Software
Security Violation Detection for RBAC Based Interoperation in Distributed Environment
IEICE - Transactions on Information and Systems
D-algebra for composing access control policy decisions
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Dynamic mandatory access control for multiple stakeholders
Proceedings of the 14th ACM symposium on Access control models and technologies
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Secure Interoperation in Multidomain Environments Employing UCON Policies
ISC '09 Proceedings of the 12th International Conference on Information Security
Handling inheritance violation for secure interoperation of heterogeneous systems
International Journal of Security and Networks
PolicyGlobe: a framework for integrating network and operating system security policies
Proceedings of the 2nd ACM workshop on Assurable and usable security configuration
Multi-layer audit of access rights
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Algebra for capability based attack correlation
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Component-based security policy design with colored Petri nets
Semantics and algebraic specification
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Detecting conflicts in ABAC policies with rule-reduction and binary-search techniques
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
An authorization framework resilient to policy evaluation failures
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Security rules versus security properties
ICISS'10 Proceedings of the 6th international conference on Information systems security
A language for provenance access control
Proceedings of the first ACM conference on Data and application security and privacy
Dynamic adaptation of access control policies
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition
ACM Transactions on Information and System Security (TISSEC)
A semantic privacy-preserving model for data sharing and integration
Proceedings of the International Conference on Web Intelligence, Mining and Semantics
Service Oriented Computing and Applications
An access control language based on term rewriting and description logic
WFLP'10 Proceedings of the 19th international conference on Functional and constraint logic programming
Towards coequal authorization for dynamic collaboration
AMT'11 Proceedings of the 7th international conference on Active media technology
Influence of attribute freshness on decision making in usage control
STM'10 Proceedings of the 6th international conference on Security and trust management
Consolidating the access control of composite applications and workflows
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Optimized workflow authorization in service oriented architectures
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
An algebra for enterprise privacy policies closed under composition and conjunction
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Survey Paper: A survey on policy languages in network and security management
Computer Networks: The International Journal of Computer and Telecommunications Networking
Specification of access control and certification policies for semantic web services
EC-Web'05 Proceedings of the 6th international conference on E-Commerce and Web Technologies
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Policies, models, and languages for access control
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
Privacy in the electronic society
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Validation of policy integration using alloy
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Information flow control to secure dynamic web service composition
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
Datalog for security, privacy and trust
Datalog'10 Proceedings of the First international conference on Datalog Reloaded
Transversal policy conflict detection
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
PTaCL: a language for attribute-based access control in open systems
POST'12 Proceedings of the First international conference on Principles of Security and Trust
A framework for the modular specification and orchestration of authorization policies
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
HiPoLDS: a security policy language for distributed systems
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Secure interoperation design in multi-domains environments based on colored Petri nets
Information Sciences: an International Journal
A graph-based formalism for controlling access to a digital library ontology
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
FENCE: continuous access control enforcement in dynamic data stream environments
Proceedings of the third ACM conference on Data and application security and privacy
HiPoLDS: A Hierarchical Security Policy Language for Distributed Systems
Information Security Tech. Report
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
On the notion of redundancy in access control policies
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Despite considerable advancements in the area of access control and authorization languages, current approaches to enforcing access control are all based on monolithic and complete specifications. This assumption is too restrictive when access control restrictions to be enforced come from the combination of different policy specifications, each possibly under the control of independent authorities, and where the specifics of some component policies may not even be known apriori. Turning individual specifications into a coherent policy to be fed into the access control system requires a nontrivial combination and translation process. This article addresses the problem of combining authorization specifications that may be independently stated, possibly in different languages and according to different policies. We propose an algebra of security policies together with its formal semantics and illustrate how to formulate complex policies in the algebra and reason about them. A translation of policy expressions into equivalent logic programs is illustrated, which provides the basis for the implementation of the algebra. The algebra's expressiveness is analyzed through a comparison with first-order logic.