Article

A Logical Language for Expressing Authorizations

Authors:

Sushil Jajodia,

Pierangela Samarati,

V. S. SubrahmanianAuthors Info & Claims

SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy

Page 31

Published: 04 May 1997 Publication History

Publisher Site

Abstract

A major drawback of existing access control systems is that they have all been developed with a specific access control policy in mind. This means that all protection requirements (i.e., accesses to be allowed or denied) must be specified in terms of the policy enforced by the system. While this may be trivial for some requirements, specification of other requirements may become quite complex or even impossible. The reason for this is that a single policy simply cannot capture different protection requirements users may need to enforce on different data.In this paper we take a first step towards a model able to support different access control policies.We propose a logical language for the specification of authorizations on which such a model can be based.The language allows users to specify, together with the authorizations, the policy according to which access control decisions are to be made.Policies are expressed by means of rules which enforce derivation of authorizations, conflict resolution, access control, and integrity constraint checking.

Cited By

View all

Margheri AMasi MPugliese RTiezzi F(2019)A Rigorous Framework for Specification, Analysis and Enforcement of Access Control PoliciesIEEE Transactions on Software Engineering10.1109/TSE.2017.276564045:1(2-33)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1109/TSE.2017.2765640
Armando ARanise STraverso RWrona KBertino ESandhu RKrishnan R(2016)SMT-based Enforcement and Analysis of NATO Content-based Protection and Release PoliciesProceedings of the 2016 ACM International Workshop on Attribute Based Access Control10.1145/2875491.2875493(35-46)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875491.2875493
Yang PGofman MStoller SYang Z(2015)Policy analysis for administrative role based access control without separate administrationJournal of Computer Security10.5555/2746188.274618923:1(1-29)Online publication date: 1-Jan-2015
https://dl.acm.org/doi/10.5555/2746188.2746189
Show More Cited By

A Logical Language for Expressing Authorizations
1. Security and privacy
  1. Security services
  2. Systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

A role-based XACML administration and delegation profile and its enforcement architecture
SWS '09: Proceedings of the 2009 ACM workshop on Secure web services

The OASIS technical committee published the XACML v3.0 administration and delegation profile (XACML-Admin) working draft on 16 April 2009 [3] in order to provide policy administration and dynamic delegation services to the XACML runtime. We enhance this ...
Designing and evaluating weighted delegatable authorizations

This paper studies logic-based methods for representing and evaluating complex access control policies needed by modern applications. In our framework, authorization and delegation rules are specified in a weighted delegatable authorization program, ...
An authorization mechanism for a relational database system

A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy

May 1997

Publisher

IEEE Computer Society

United States

Publication History

Published: 04 May 1997

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

108
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Margheri AMasi MPugliese RTiezzi F(2019)A Rigorous Framework for Specification, Analysis and Enforcement of Access Control PoliciesIEEE Transactions on Software Engineering10.1109/TSE.2017.276564045:1(2-33)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1109/TSE.2017.2765640
Armando ARanise STraverso RWrona KBertino ESandhu RKrishnan R(2016)SMT-based Enforcement and Analysis of NATO Content-based Protection and Release PoliciesProceedings of the 2016 ACM International Workshop on Attribute Based Access Control10.1145/2875491.2875493(35-46)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875491.2875493
Yang PGofman MStoller SYang Z(2015)Policy analysis for administrative role based access control without separate administrationJournal of Computer Security10.5555/2746188.274618923:1(1-29)Online publication date: 1-Jan-2015
https://dl.acm.org/doi/10.5555/2746188.2746189
Ferrara PTripp OPistoia M(2015)MorphDroidProceedings of the 31st Annual Computer Security Applications Conference10.1145/2818000.2818037(371-380)Online publication date: 7-Dec-2015
https://dl.acm.org/doi/10.1145/2818000.2818037
Ruan C(2015)Designing and evaluating weighted delegatable authorizationsConcurrency and Computation: Practice & Experience10.1002/cpe.349327:15(3877-3891)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1002/cpe.3493
Varadharajan VTupakula U(2014)Counteracting security attacks in virtual machines in the cloud using property based attestationJournal of Network and Computer Applications10.5555/2773807.277405140:C(31-45)Online publication date: 1-Apr-2014
https://dl.acm.org/doi/10.5555/2773807.2774051
Ruan CVaradharajan V(2014)Dynamic delegation framework for role based access control in distributed data management systemsDistributed and Parallel Databases10.1007/s10619-012-7120-432:2(245-269)Online publication date: 1-Jun-2014
https://dl.acm.org/doi/10.1007/s10619-012-7120-4
Elrakaiby YAmrani MTraon Y(2014)Security@RuntimeProceedings of the 6th International Symposium on Engineering Secure Software and Systems - Volume 836410.1007/978-3-319-04897-0_2(19-34)Online publication date: 26-Feb-2014
https://dl.acm.org/doi/10.1007/978-3-319-04897-0_2
Yang PGofman MYang Z(2013)Policy Analysis for Administrative Role Based Access Control without Separate AdministrationProceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXVII - Volume 796410.5555/2940086.2940092(49-64)Online publication date: 15-Jul-2013
https://dl.acm.org/doi/10.5555/2940086.2940092
Jin XKrishnan RSandhu RGroß THansen M(2013)Reachability analysis for role-based administration of attributesProceedings of the 2013 ACM workshop on Digital identity management10.1145/2517881.2517891(73-84)Online publication date: 8-Nov-2013
https://dl.acm.org/doi/10.1145/2517881.2517891
Show More Cited By

Abstract

Cited By

Recommendations

A role-based XACML administration and delegation profile and its enforcement architecture

Designing and evaluating weighted delegatable authorizations

An authorization mechanism for a relational database system

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations