A survey of verification techniques for parallel programs
A survey of verification techniques for parallel programs
Journal of the ACM (JACM)
Proofs and types
A General Theory of Composition for a Class of "Possibilistic" Properties
IEEE Transactions on Software Engineering
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Verification of sequential and concurrent programs (2nd ed.)
Verification of sequential and concurrent programs (2nd ed.)
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Journal of the ACM (JACM)
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Policy algebras for access control: the propositional case
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
First-Order Dynamic Logic
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Logic For State Transformations in Authorization Policies
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Enforceable Security Policies
Language-Based Security
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Policy algebras for access control the predicate case
Proceedings of the 9th ACM conference on Computer and communications security
Using certified policies to regulate E-commerce transactions
ACM Transactions on Internet Technology (TOIT)
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents
IEEE Transactions on Knowledge and Data Engineering
Beyond separation of duty: an algebra for specifying high-level security policies
Proceedings of the 13th ACM conference on Computer and communications security
Access control policies and languages
International Journal of Computational Science and Engineering
Beyond separation of duty: An algebra for specifying high-level security policies
Journal of the ACM (JACM)
A rewriting framework for the composition of access control policies
Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
D-algebra for composing access control policy decisions
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Towards a dynamic and composable model of trust
Proceedings of the 14th ACM symposium on Access control models and technologies
Handling inheritance violation for secure interoperation of heterogeneous systems
International Journal of Security and Networks
A Formal Approach for the Evaluation of Network Security Mechanisms Based on RBAC Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Algebra for capability based attack correlation
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Component-based security policy design with colored Petri nets
Semantics and algebraic specification
An authorization framework resilient to policy evaluation failures
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Towards coequal authorization for dynamic collaboration
AMT'11 Proceedings of the 7th international conference on Active media technology
Consolidating the access control of composite applications and workflows
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
An algebra for enterprise privacy policies closed under composition and conjunction
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
An approach for trusted interoperation in a multidomain environment
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Policies, models, and languages for access control
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
Privacy in the electronic society
ICISS'06 Proceedings of the Second international conference on Information Systems Security
PTaCL: a language for attribute-based access control in open systems
POST'12 Proceedings of the First international conference on Principles of Security and Trust
A framework for the modular specification and orchestration of authorization policies
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
FENCE: continuous access control enforcement in dynamic data stream environments
Proceedings of the third ACM conference on Data and application security and privacy
| Hi-index | 0.01 |
Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources, access control policies regulating their manipulation need to be compared, contrasted, and composed. An algebra for manipulating such access control policies at a higher (propositional) level, where the operations of the algebra are abstracted from their specification details, is the subject of this paper. This algebra is applicable to policies that have controlled nondeterminism and all or nothing assignments of access privileges in their specification. These requirements reflect current practices in discretionary and role-based access control models. Therefore, the proposed algebra can be used to reason about role-based access control policies combined with other forms of discretionary policies. We show how to use algebraic identities to reason about consistency, completeness, and determinacy of composed policies using similar properties of their constituents.