
CCS
2007
ACM

A simple and expressive semantic framework for policy composition in access control

In defining large, complex access control policies, one would like to compose sub-policies, perhaps authored by different organizations, into a single global policy. Existing policy composition approaches tend to be ad hoc, and do not explain whether too many or too few policy combinators have been defined. We define an access control policy as a four-valued predicate that maps accesses to either grant, deny, conflict, or unspecified. These correspond to the four elements of the Belnap bilattice. Functions on this bilattice are then extended to policies to serve as policy combinators. We argue that this approach provides a simple and natural semantic framework for policy composition, with a minimal but functionally complete set of policy combinators. We define derived, higher-level operators that are convenient for the specification of access control policies, and enable the decoupling of conflict resolution from policy composition. Finally, we propose a basic query language a...
Glenn Bruns, Daniel S. Dantas, Michael Huth
Added: 07 Jun 2010
Updated: 07 Jun 2010
Type: Conference
Year: 2007
Where: CCS
Authors: Glenn Bruns, Daniel S. Dantas, Michael Huth