D-algebra for composing access control policy decisions

This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of policy languages' decision mechanisms and the development of tools for policy authoring and enforcement.
