The foundations of program verification (2nd ed.)
The foundations of program verification (2nd ed.)
Role-Based Access Control Models
Computer
A General Theory of Composition for a Class of "Possibilistic" Properties
IEEE Transactions on Software Engineering
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Policy algebras for access control: the propositional case
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
The Science of Programming
Dynamic Logic
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
A Logic For State Transformations in Authorization Policies
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Enforceable Security Policies
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
A Unified Scheme for Resource Protection in Automated Trust Negotiation
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
An access control framework for business processes for web services
Proceedings of the 2003 ACM workshop on XML security
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
ACM Transactions on Information and System Security (TISSEC)
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Distributed event-based access control
International Journal of Information and Computer Security
Dynamic event-based access control as term rewriting
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Interactive credential negotiation for stateful business processes
iTrust'05 Proceedings of the Third international conference on Trust Management
TBA: a hybrid of logic and extensional access control systems
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Policy administration in tag-based authorization
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
| Hi-index | 0.00 |
This paper deals with the algebra used to compose access control policies of collaborating organizations. To maintain a conceptual coherence and to have a common basis for comparison, we seek a framework that can be viewed at different levels of abstraction. In [21, 22], we presented a propositional version of the algebra that can support algebraic manipulations of uninterpreted policies. This paper extends the algebra to many sorted first order predicate case. The predicate version can be used to reason about first order properties of security policies from their components. We show how to compose and reason about security properties such as those used in role based access control models usually specified using second order (set) quantifiers in languages (see RCL2000 [1]). We also show how different application specific notions of consistency and completeness can be formulated as sentences in our many sorted first order logic and propose a Hoare calculus to reason about them.