In defining large, complex access control policies, one would like to compose sub-policies, perhaps authored by different organizations, into a single global policy. Existing policy composition approaches tend to be ad-hoc, and do not ex-plain whether too many or too few policy combinators have been defined. We define an access control policy as a four-valued predicate that maps accesses to either grant, deny, conflict, or unspecified. These correspond to the four ele-ments of the Belnap bilattice. Functions on this bilattice are then extended to policies to serve as policy combinators. We argue that this approach provides a simple and natural semantic framework for policy composition, with a minimal but functionally complete set of policy ...
A major drawback of existing access control systems is that they have all been developed with a spec...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
International audienceAbstract. In the context of cooperative information systems, research focused ...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Access control to IT systems increasingly relies on the ability to compose policies. There is thus b...
Despite considerable advancements in the area of access control and authorization languages, current...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Graph-based specification formalisms for Access Control (AC) policies combine the advantages of an i...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
AbstractGraph-based specification formalisms for access control (AC) policies combine the advantages...
Security-sensitive environments protect their information resources against unauthorized use by enfo...
Formal foundations for access control policies with both authority delegation and policy composition...
Graph-based specification formalisms for access control (AC) policies combine the advantages of an i...
Designing security, from the hardware level, is essential to ensure the integrity of the intelligent...
Although several access control policies can be devised for controlling access to information, all e...
A major drawback of existing access control systems is that they have all been developed with a spec...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
International audienceAbstract. In the context of cooperative information systems, research focused ...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Access control to IT systems increasingly relies on the ability to compose policies. There is thus b...
Despite considerable advancements in the area of access control and authorization languages, current...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Graph-based specification formalisms for Access Control (AC) policies combine the advantages of an i...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
AbstractGraph-based specification formalisms for access control (AC) policies combine the advantages...
Security-sensitive environments protect their information resources against unauthorized use by enfo...
Formal foundations for access control policies with both authority delegation and policy composition...
Graph-based specification formalisms for access control (AC) policies combine the advantages of an i...
Designing security, from the hardware level, is essential to ensure the integrity of the intelligent...
Although several access control policies can be devised for controlling access to information, all e...
A major drawback of existing access control systems is that they have all been developed with a spec...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
International audienceAbstract. In the context of cooperative information systems, research focused ...