A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Flexible meta access-control for collaborative applications
CSCW '98 Proceedings of the 1998 ACM conference on Computer supported cooperative work
Access control in federated systems
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
A secure execution framework for Java
Proceedings of the 7th ACM conference on Computer and communications security
A new approach to collaborative frameworks using shared objects
ACSC '01 Proceedings of the 24th Australasian conference on Computer science
An Authorization Model for a Distributed Hypertext System
IEEE Transactions on Knowledge and Data Engineering
Resolving Conflicts in Authorization Delegations
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
The Set and Function Approach to Modeling Authorization in Distributed Systems
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
A stratification-based approach for handling conflicts in access control
Proceedings of the eighth ACM symposium on Access control models and technologies
A Logical Framework for Reasoning on Data Access Control Policies
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
An authorization model for geographical maps
Proceedings of the 12th annual ACM international workshop on Geographic information systems
Defeasible security policy composition for web services
Proceedings of the fourth ACM workshop on Formal methods in security
High Level Conflict Management Strategies in Advanced Access Control Models
Electronic Notes in Theoretical Computer Science (ENTCS)
Security policy compliance with violation management
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
KES '07 Knowledge-Based Intelligent Information and Engineering Systems and the XVII Italian Workshop on Neural Networks on Proceedings of the 11th International Conference
An attribute-based authorization policy framework with dynamic conflict resolution
Proceedings of the 9th Symposium on Identity and Trust on the Internet
| Hi-index | 0.00 |
Elisa Bertino, Sushil Jajodia, and Pierangela Samarati Although there are several choices of policies for protection of information, access control models have been developed for a fixed set pre-defined access control policies that are then built into the corresponding access control mechanisms. This becomes a problem, however, if the access control requirements of an application are different from the policies built into a mechanism. In most cases, the only solution is to enforce the requirements as part of the application code, but this makes verification, modification, and adequate enforcement of these policies impossible. In this paper, we propose a flexible authorization mechanism that can support different security policies. The mechanism enforces a general authorization model onto which multiple access control policies can be mapped. The model permits negative and positive authorizations, authorizations that must be strongly obeyed and authorizations that allow for exceptions, and enforces ownership together with delegation of administrative privileges.