Affiliation:
1. George Mason University, Fairfax, VA
Abstract
Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources, access control policies regulating their manipulation need to be compared, contrasted, and composed. An algebra for manipulating such access control policies at a higher (propositional) level, where the operations of the algebra are abstracted from their specification details, is the subject of this paper. This algebra is applicable to policies that have controlled nondeterminism and
all or nothing
assignments of access privileges in their specification. These requirements reflect current practices in discretionary and role-based access control models. Therefore, the proposed algebra can be used to reason about role-based access control policies combined with other forms of discretionary policies. We show how to use algebraic identities to reason about consistency, completeness, and determinacy of composed policies using similar properties of their constituents.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference25 articles.
1. Defining liveness;Alpern B.;Inf. Process. Lett.,1985
2. Recognizing safety and liveness;Alpern B.;Distributed Comput.,1987
3. Lecture Notes in Computer Science;Barringer H.
Cited by
54 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献