SPL: An access control language for security policies with complex constraints

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2001

Volumn , Issue , 2001, Pages

  Ribeiro, Carlos ^a   Zúquete, André ^a   Ferreira, Paulo ^a   Guedes, Paulo ^a  

^a UL   (Portugal)

Author keywords

[No Author keywords available]

Indexed keywords

COMPLEX NETWORKS; NETWORK SECURITY; SECURITY SYSTEMS;

ACCESS CONTROL LANGUAGE; COMPLEX CONSTRAINTS; GLOBAL SECURITY; INFORMATION FLOW POLICIES; POLICY LANGUAGE; SECURITY DOMAINS; SECURITY MODELING; SECURITY POLICY; SINGLE DESCRIPTIONS; WORK-FLOWS;

ACCESS CONTROL;

EID: 84945150402     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. D. Bell and L. LaPadula. Secure computer systems: Mathematical foundations. Technical Report MTR-2547, Vol 1, MITRE Corp., Bedford, MA, Nov. 1973.
2. E. Bertino, F. Buccafurri, E. Ferrari, and P. Rullo. A logical framework for reasoning on data access control policies. In Proceeding of the 12th IEEE Computer Security Workshop. IEEE Computer Society Press, July 1999.
3. E. Bertino, S. Jajodia, and P. Samarati. Supporting multiple access control policies in database systems. In IEEE Symposium on Security and Privacy, pages 94–109, Oakland, CA, 1996. IEEE Computer Society Press.
4. W. R. Bevier and W. D. Young. A constraint language for adage. Technical report, Computational Logic, Inc., Apr. 1997.
5. Blaze, Feigenbaum, and Strauss. Compliance checking in the policymaker trust management system. In FC: International Conference on Financial Cryptography. LNCS, Springer-Verlag, 1998.
6. M. Blaze, J. Feigenbaum, and J. Ionnidis. The KeyNote trust-management system version. Technical report, Internet RFC 2704, September 1999.
7. M. Blaze, J. Feigenbaum, and A. D. Keromytis. KeyNote: Trust management for public-key infrastructures. Lecture Notes in Computer Science, 1550:59–63, 1999.
8. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proceedings of the IEEE Symposium on Research in Security and Privacy, Research in Security and Privacy, Oakland, CA, May 1996. IEEE Computer Society,Technical Committee on Security and Privacy, IEEE Computer Society Press.
9. M. Blaze, J. Pigenbaum, and A. D. Keromytis. Key note: Trust management for public-key infrastructures. Lecture Notes in Computer Science, 1550:59, 1999.
10. D. F. Brewer and M. J. Nash. The chinese wall security policy. In SympSecPr, Research in Security and Privacy, pages 206–214, Oakland, CA, May 1989. IEEE, IEEECSP.
11. M. Carney and B. Loe. A comparison of methods for implementing adaptive security policies. In Proceedings of the 7th USENIX Security Symposium (SECURITY-98), pages 1–14, Berkeley, Jan. 26–29, 1998. Usenix Association.
12. F. Cuppens and C. Saurel. Specifying a security policy: A case study. In IEEE Computer Society Computer Security Foundations Workshop (CSFW9), pages 123–135, 1996.
13. D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 20, July 1977.
14. DoD. Dod trusted computer system evaluation criteria. Technical Report 5200.28-STD, DoD, Dec.26 1985.
15. G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In 5th ACM Conference on Computer and Communications Security, pages 38–48, San Francisco, California, Nov. 1998. ACM Press.
16. W. K. Edwards. Policies and roles in collaborative applications. In Proceedings of the ACM 1996 Conference on Computer Supported Work, pages 11–20, New York, Nov. 16–20, 1996. ACM Press.
17. C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. SPKI certificate theory. Internet RFC 2693, Sept. 1999.
18. D. F. Ferraiolo, J. F. Barkley, and D. R. Kuhn. A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security, 2(1):34–64, Feb. 1999.
19. T. Fraser and L. Badger. Ensuring continuity during dynamic security policy reconfiguration in dte. In Proceedings of the 1998 IEEE Conference on Security and Privacy (SSP’98), pages 15–26. IEEE, May 1998.
20. L. Giuri and P. Iglio. Role templates for content-based access control. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), pages 153–159, New York, Nov. 6–7 1997. ACM Press.
21. J. Gray and A. Reuter. Transaction Processing: concepts and techniques. Data Management Systems. Morgan Kaufmann Publishers, Inc., San Mateo (CA), USA, 1993.
22. J. A. Hoagland, R. Pandley, and K. N. Levitt. Security policy specification using a graphical approach. Technical report, Department of Computer Science, University of California Davis, July 1998.
23. S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In SympSecPr, Research in Security and Privacy, Oakland, CA, May 1997. IEEECSP.
24. S. Jajodia, P. Samarati, V. S. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. SIGMOD Record (ACM Special Interest Group on Management of Data), 26(2):474–485, June 1997.
25. N. Li, J. Feigenbaum, and B. N. Grosof. A logic-based knowledge representation for authorization with delegation. In Proceeding of the 12th IEEE Computer Security Workshop. IEEE Computer Society Press, July 1999.
26. E. C. Lupu and M. Sloman. Reconciling role-based management and role-based access control. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), pages 135–142, New York, Nov. 6–7 1997. ACM Press.
27. N. H. Minsky and V. Ungureanu. Unified support for heterogeneous security policies in distributed systems. In Proceedings of the 7th USENIX Security Symposium (SECURITY-98), pages 131–142, Berkeley, Jan. 26–29, 1998. Usenix Association.
28. M. J. Nash and K. R. Poland. Some conundrums concerning separation of duty. In Proceedings of the 1990 IEEE Conference on Security and Privacy (SSP’90), pages 201–209. IEEE, May 1990.
29. H. packard Publication Services. HP praesidium / authorization server white paper. Published in Internet, 1998.
30. C. Ribeiro and P. Guedes. Verifying workflow processes against organization security policies. In Proceedings of the 8th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pages 190–191, Standford, California, June16-18 1999. IEEE Computer Society, IEEE Computer Society.
31. C. Ribeiro, A. Zúquete, P. Ferreira, and P. Guedes. Security policy consistency. Technical Report RT/03/00, INESC, 2000.
32. R. Sandhu. Separation of duties in computarized information systems. In Proceedings of the IFIP WG11.3 Workshop on Database Security, Halifax, UK, Sept.18–21 1990.
33. R. S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11):9, Nov. 1993.
34. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control: A multi-dimensional view. In 10th Annual Computer Security Applications Conference, pages 54–62, 1994.
35. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. Computer, 29(2):38–47, Feb. 1996.
36. F. B. Schneider. Enforceable security policies. The ACM Transactions on Information and System Security, 3(1), February 2000.
37. Simon and Zurko. Separation of duty in role-based environments. In PCSFW: Proceedings of The 10th Computer Security Foundations Workshop. IEEE Computer Society Press, 1997.
38. Ã I-N-OVA Ä model. In B. Drabble, editor, Proceedings of the 3rd International Conference on Artificial Intelligence Planning Systems (AIPS-96), pages 221–228. AAAI Press, 1996.
39. T. Y. C. Woo and S. S. Lam. Authorization in distributed systems: A formal approach. In Proceedings of the 1992 IEEE Computer Society Symposium on Security and Privacy (SSP’92), pages 33–51. IEEE, May 1992.
40. M. E. Zurko, R. Simon, and T. Sanfilipo. A user-centered, modular authorization service built on an rbac foundation. In Proceeding of the 12th IEEE Computer Security Workshop. IEEE Computer Society Press, July 1999.