The semantic foundations of concurrent constraint programming
POPL '91 Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the development of reactive systems
Logics and models of concurrent systems
Role-Based Access Control Models
Computer
Timed default concurrent constraint programming
Journal of Symbolic Computation - Special issue: executable temporal logics
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Synchronous Programming of Reactive Systems
Synchronous Programming of Reactive Systems
Improving the granularity of access control for Windows 2000
ACM Transactions on Information and System Security (TISSEC)
Policy algebras for access control the predicate case
Proceedings of the 9th ACM conference on Computer and communications security
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Temporal concurrent constraint programming: denotation, logic and applications
Nordic Journal of Computing
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Empowering mobile code using expressive security policies
Proceedings of the 2002 workshop on New security paradigms
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
Usage control: a unified framework for next generation access control
Usage control: a unified framework for next generation access control
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Efficient and flexible access control via logic program specialisation
Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
A model-based approach to integrating security policies for embedded devices
Proceedings of the 4th ACM international conference on Embedded software
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Conflict and combination in privacy policy languages
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Reconstructing trust management
Journal of Computer Security - Special issue on WITS'02
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
A framework for abstract interpretation of timed concurrent constraint programs
PPDP '09 Proceedings of the 11th ACM SIGPLAN conference on Principles and practice of declarative programming
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Rewrite specifications of access control policies in distributed environments
STM'10 Proceedings of the 6th international conference on Security and trust management
Matelas: a predicate calculus common formal definition for social networking
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Survey: Usage control in computer security: A survey
Computer Science Review
A framework for the modular specification and orchestration of authorization policies
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
A linear concurrent constraint approach for the automatic verification of access permissions
Proceedings of the 14th symposium on Principles and practice of declarative programming
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
On the automated analysis of safety in usage control: a new decidability result
NSS'12 Proceedings of the 6th international conference on Network and System Security
| Hi-index | 0.00 |
This paper focuses on policy languages for (role-based) access control [14, 32], especially in their modern incarnations in the form of trust-management systems [9] and usage control [30, 31]. Any (declarative) approach to access control and trust management has to address the following issues: Explicit denial, inheritance, and overriding, and History-sensitive access control.Our main contribution is a policy algebra, in the timed concurrent constraint programming paradigm, that uses a form of default constraint programming to address the first issue, and reactive computing to address the second issue.The policy algebra is declarative --- programs can be viewed as imposing temporal constraints on the evolution of the system --- and supports equational reasoning. The validity of equations is established by coinductive proofs based on an operational semantics.The design of the policy algebra supports reasoning about policies by a systematic combination of constraint reasoning and model checking techniques based on linear time temporal-logic. Our framework permits us to perform security analysis with dynamic state-dependent restrictions.