Specifying a security policy that includes both permissions and prohibitions may lead to conflicts. A conflict is a situation where a subject is both permitted and prohibited to perform a given action on a given object. We adopt a comparative approach to investigate this problem. We first investigate access control models based on rules, called Rule-BAC, and present the weaknesses that arise when we try to manage conflicts in this model. In particular, Rule-BAC models fail to provide a decidable solution to the redundant-rule and potential-conflict problems. We then show how a more structured model, such as OR-BAC (Organization Based Access Control), equipped with an inheritance mechanism, makes the redundant-rule and potential-conflict problems tractable in polynomial time.