Abstract: We discuss the development of a methodology for reasoning about properties of security policies. We view a security policy as a special case of regulation that specifies what actions some agents are permitted, obliged or forbidden to perform, and we formalize a policy as a set of deontic formulae. We first address the problem of checking policy consistency and describe a method for solving it. The second point we are interested in is how to query a policy to find the actual norms that apply to a given situation. To provide the user with consistent answers, the normative conflicts that may appear in the policy must be resolved. To do so, we suggest using the notion of roles and defining priorities between roles.