Article

Free access

A modular approach to composing access control policies

Authors:

Piero Bonatti,

Sabrina de Capitani di Vimercati,

Pierangela SamaratiAuthors Info & Claims

CCS '00: Proceedings of the 7th ACM conference on Computer and Communications Security

Pages 164 - 173

https://doi.org/10.1145/352600.352623

Published: 01 November 2000 Publication History

PDF eReader

References

[1]

M. Abadi and L. Lamport. Composing speci~cations. ACM Transactions on Programming Languages, 14(4):1{60, October 1992.]]

Google Scholar

[2]

D. Banisar and S. Davies. Privacy & Human Rights - An International Survey of Privacy Laws and Developments. EPIC, 1999.]]

Google Scholar

[3]

E. Bertino, S. Jajodia, and P. Samarati. A exible authorization mechanism for relational data management systems. ACM Transactions on Information Systems, 17(2):101{140, April 1999.]]

Digital Library

Google Scholar

[4]

E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Design and implementation of an access control processor for XML documents. In Proc. of the WWW9 Conference, Amsterdam, May 2000.]]

Digital Library

Google Scholar

[5]

H.H. Hosmer. The multipolicy paradigm. In Proc. of the 15th National Computer Security Conference, pages 409{422, Baltimore, MD, October 1992.]]

Google Scholar

[6]

T. Jaeger. Access control in con~gurable systems. In Jan Vitek and Christian Jensen, editors, Secure Internet Programming, volume 1603, pages 289{310. Springer-Verlag, 1999.]]

Digital Library

Google Scholar

[7]

S. Jajodia, P. Samarati, and V.S. Subrahmanian. A logical language for expressing authorizations. In Proc. of the 1997 IEEE Symposium on Security and Privacy, pages 94{107, Oakland, CA, May 1997.]]

Digital Library

Google Scholar

[8]

S. Jajodia, P. Samarati, V.S. Subrahmanian, and E. Bertino. A uni~ed framework for enforcing multiple access control policies. In Proc. of the 1997 ACM SIGMOD, pages 474{485, Tucson, AZ, May 1997.]]

Digital Library

Google Scholar

[9]

C. Landwehr. Formal models for computer security. Computing Surveys, 13(3):247{278, September 1981.]]

Digital Library

Google Scholar

[10]

N. Li, J. Feigenbaum, and B. Grosof. A logic-based knowledge representation for authorization with delegation. In Proc. of the 12th IEEE Computer Security Foundations Workshop, pages 162{174, Mordano, Italy, June 1999.]]

Digital Library

Google Scholar

[11]

J.W. Lloyd. Foundations of logic programming. Springer-Verlag, 1984.]]

Digital Library

Google Scholar

[12]

T.F. Lunt. Access control policies for database systems. In C.E. Landwehr, editor, Database Security II: Status and Prospects, pages 41{52. North-Holland, 1989.]]

Google Scholar

[13]

F. Rabitti, E. Bertino, W. Kim, and D. Woelk. A model of authorization for next-generation database systems. ACM TODS, 16(1):89{131, March 1991.]]

Digital Library

Google Scholar

[14]

K. Sagonas, T. Swift, D.S. Warren, J. Freire, and P. Rao. The XSB programmer's manual, version 2.2. http://xsb.sourceforge.net, April 2000.]]

Google Scholar

[15]

H. Shen and P. Dewan. Access control for collaborative environments. In Proc. Int. Conf. on Computer Supported Cooperative Work, pages 51{58, Toronto, Canada, November 1992.]]

Digital Library

Google Scholar

[16]

L. Sterling and E. Shapiro. The art of Prolog. MIT Press, Cambridge, MA, 1997.]]

Google Scholar

[17]

V.S. Subrahmanian, S. Adali, A. Brink, R. Emery, J.J. Lu, A. Rajput, T.J. Rogers, R. Ross, and C. Ward. Hermes: Heterogeneous reasoning and mediator system. http://www.cs.umd.edu/projects/publications/ abstracts/hermes.html.]]

Google Scholar

[18]

T.Y.C. Woo and S.S. Lam. Authorizations in distributed systems: A new approach. Journal of Computer Security, 2(2,3):107{136, 1993.]]

Crossref

Google Scholar

Cited By

View all

McClurg J(2021)Correct-by-Construction Network Programming for Stateful Data-PlanesProceedings of the ACM SIGCOMM Symposium on SDN Research (SOSR)10.1145/3482898.3483362(66-79)Online publication date: 11-Oct-2021
https://dl.acm.org/doi/10.1145/3482898.3483362
Belim SBelim S(2020)The Security Policies Optimization Problem for Composite Information Systems2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon)10.1109/FarEastCon50210.2020.9271465(1-4)Online publication date: 6-Oct-2020
https://doi.org/10.1109/FarEastCon50210.2020.9271465
Zou DHuang ZYuan BChen HJin H(2018)Solving Anomalies in NFV-SDN Based Service Function Chaining Composition for IoT NetworkIEEE Access10.1109/ACCESS.2018.28763146(62286-62295)Online publication date: 2018
https://doi.org/10.1109/ACCESS.2018.2876314
Show More Cited By

Index Terms

Recommendations

An algebra for composing access control policies

Despite considerable advancements in the area of access control and authorization languages, current approaches to enforcing access control are all based on monolithic and complete specifications. This assumption is too restrictive when access control ...
A propositional policy algebra for access control

Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources,...
Modular Composition of Access Control Policies: A Framework to Build Multi-Site Multi-Level Combinations
SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies

We present general notions of access control policy composition using the CBAC model. We show that CBAC provides a uniform framework to define compositions of heterogeneous policies (e.g., RBAC and ABAC policies) as required in many practical ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '00: Proceedings of the 7th ACM conference on Computer and Communications Security

November 2000

255 pages

ISBN:1581132034

DOI:10.1145/352600

Chairmen:
Dimitris Gritzalis
Athens Univ., of Economics & Business, Athens, Greece
,
Sushil Jajodia
George Mason Univ., Fairfax, VA
,
Editor:
Pierangela Samarati
Univ. of Milan, Milan, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2000

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS00

Sponsor:

SIGSAC
Greek Com Soc
Athens U of Econ & Business

CCS00: 7th ACM Conference on Computer and Communication Security 2000

November 1 - 4, 2000

Athens, Greece

Acceptance Rates

CCS '00 Paper Acceptance Rate 28 of 132 submissions, 21%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

59
Total Citations
View Citations
1,181
Total Downloads

Downloads (Last 12 months)64
Downloads (Last 6 weeks)12

Reflects downloads up to 22 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

McClurg J(2021)Correct-by-Construction Network Programming for Stateful Data-PlanesProceedings of the ACM SIGCOMM Symposium on SDN Research (SOSR)10.1145/3482898.3483362(66-79)Online publication date: 11-Oct-2021
https://dl.acm.org/doi/10.1145/3482898.3483362
Belim SBelim S(2020)The Security Policies Optimization Problem for Composite Information Systems2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon)10.1109/FarEastCon50210.2020.9271465(1-4)Online publication date: 6-Oct-2020
https://doi.org/10.1109/FarEastCon50210.2020.9271465
Zou DHuang ZYuan BChen HJin H(2018)Solving Anomalies in NFV-SDN Based Service Function Chaining Composition for IoT NetworkIEEE Access10.1109/ACCESS.2018.28763146(62286-62295)Online publication date: 2018
https://doi.org/10.1109/ACCESS.2018.2876314
Prakash CLee JTurner YKang JAkella ABanerjee SClark CMa YSharma PZhang Y(2015)PGAACM SIGCOMM Computer Communication Review10.1145/2829988.278750645:4(29-42)Online publication date: 17-Aug-2015
https://dl.acm.org/doi/10.1145/2829988.2787506
Prakash CLee JTurner YKang JAkella ABanerjee SClark CMa YSharma PZhang YUhlig SMaennel OKarp BPadhye J(2015)PGAProceedings of the 2015 ACM Conference on Special Interest Group on Data Communication10.1145/2785956.2787506(29-42)Online publication date: 17-Aug-2015
https://dl.acm.org/doi/10.1145/2785956.2787506
Tarkhanov I(2015)Policy algebra for access control in enterprise document management systems2015 9th International Conference on Application of Information and Communication Technologies (AICT)10.1109/ICAICT.2015.7338551(225-228)Online publication date: Oct-2015
https://doi.org/10.1109/ICAICT.2015.7338551
Bertolissi CFernández M(2014)A metamodel of access control for distributed environmentsInformation and Computation10.1016/j.ic.2014.07.009238:C(187-207)Online publication date: 1-Nov-2014
https://dl.acm.org/doi/10.1016/j.ic.2014.07.009
Bertolissi CUttha WMight MVan Horn DGiacobazzi RAbel ASheard T(2013)Automated analysis of rule-based access control policiesProceedings of the 7th workshop on Programming languages meets program verification10.1145/2428116.2428125(47-56)Online publication date: 22-Jan-2013
https://dl.acm.org/doi/10.1145/2428116.2428125
Dia OFarkas C(2012)A Practical Framework for Policy Composition and Conflict ResolutionInternational Journal of Secure Software Engineering10.4018/jsse.20121001013:4(1-26)Online publication date: Oct-2012
https://doi.org/10.4018/jsse.2012100101
Amini MJalili REhsan MFaghih F(2012)Cooperative security administration in multi-security-domain environments using a variant of deontic logicScientia Iranica10.1016/j.scient.2011.10.00419:3(635-653)Online publication date: Jun-2012
https://doi.org/10.1016/j.scient.2011.10.004
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

An algebra for composing access control policies

A propositional policy algebra for access control

Modular Composition of Access Control Policies: A Framework to Build Multi-Site Multi-Level Combinations