Executing temporal logic programs
Executing temporal logic programs
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
ACM Transactions on Information and System Security (TISSEC)
Protection in operating systems
Communications of the ACM
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A Temporal Access Control Mechanism for Database Systems
IEEE Transactions on Knowledge and Data Engineering
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Refining Interval Temporal Logic Specifications
ARTS '97 Proceedings of the 4th International AMAST Workshop on Real-Time Systems and Concurrent and Distributed Software: Transformation-Based Reactive Systems Development
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
Towards a credential-based implementation of compound access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Formal model and policy specification of usage control
ACM Transactions on Information and System Security (TISSEC)
Logic-based Conflict Detection for Distributed Policies
Fundamenta Informaticae - Fundamentals of Software Engineering 2007: Selected Contributions
StPowla: SOA, Policies and Workflows
Service-Oriented Computing - ICSOC 2007 Workshops
Towards a times-based usage control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Logic-based detection of conflicts in APPEL policies
FSEN'07 Proceedings of the 2007 international conference on Fundamentals of software engineering
Monitoring security policies with metric first-order temporal logic
Proceedings of the 15th ACM symposium on Access control models and technologies
Temporal authorizations scheme for XML document
DNCOCO'06 Proceedings of the 5th WSEAS international conference on Data networks, communications and computers
Model-driven development of adaptable service-oriented business processes
Rigorous software engineering for service-oriented systems
Analysis and run-time verification of dynamic security policies
DAMAS'05 Proceedings of the 2005 international conference on Defence Applications of Multi-Agent Systems
λ-RBAC: programming with role-based access control
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
SEM'04 Proceedings of the 4th international conference on Software Engineering and Middleware
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Validation of policy integration using alloy
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Logic-based Conflict Detection for Distributed Policies
Fundamenta Informaticae - Fundamentals of Software Engineering 2007: Selected Contributions
Verification and enforcement of access control policies
Formal Methods in System Design
| Hi-index | 0.00 |
Despite considerable number of work on authorization models, enforcing multiple polices is still a challenge in order to achieve the level of security required in many real-world systems. Moreover current approaches address security settings independently, and their incorporation into systems development lifecycle is not well understood. This paper presents a formal model for the specification of access control policies. The approach can handle the enforcement of multiple policies through policies composition. Temporal dependencies among authorizations can be formulated. Interval Temporal Logic (ITL) is our underlying formal framework an policies are modeled as safety properties expressing how authorizations are granted over time. The approach is compositional, and can be used to specify other system's properties such as functional and temporal requirements. The use of a common formalism eases the integration of security requirements into system requirements so that they can be reasoned about uniformly throughout the development lifecycle. Furthermore specification of policies are executable in Tempura, a simulation tool for ITL.