Access control policies and languages

Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and illustrate the main characteristics of access control solutions.
