It is difficult to develop and manage large, multi-author access control policies without a means to compose larger policies from smaller ones. Ideally, an access-control policy language will have a small set of simple policy combinators that allow for all desired policy compositions. In [5], a policy language was presented having policy combinators based on Belnap logic, a four-valued logic in which truth values correspond to policy results of grant , deny , conflict , and undefined . We show here how policies in this language can be analyzed, and study the expressiveness of the language. To support policy analysis, we define a query language in which policy analysis questions can be phrased. Queries can be translated into a fragment o...
International audienceThe rewrite-based approach provides executable specifications for security pol...
Formal languages for policy have been developed for access control and confor-mance checking. In thi...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
Access control to IT systems increasingly relies on the ability to compose policies. There is thus b...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...
Designing security, from the hardware level, is essential to ensure the integrity of the intelligent...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
Formal foundations for access control policies with both authority delegation and policy composition...
Increasingly, access to resources needs to be regulated or informed by considerations such as risk, ...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Access control represents an important part of security in software systems, since access control p...
AbstractThe rewrite-based approach provides executable specifications for security policies, which c...
Despite considerable advancements in the area of access control and authorization languages, current...
We present the design and implementation of a Certified Core Policy Language (ACCPL) that can be use...
Abstract. Access-control policies have grown from simple matrices to non-trivial specifications writ...
International audienceThe rewrite-based approach provides executable specifications for security pol...
Formal languages for policy have been developed for access control and confor-mance checking. In thi...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
Access control to IT systems increasingly relies on the ability to compose policies. There is thus b...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...
Designing security, from the hardware level, is essential to ensure the integrity of the intelligent...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
Formal foundations for access control policies with both authority delegation and policy composition...
Increasingly, access to resources needs to be regulated or informed by considerations such as risk, ...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Access control represents an important part of security in software systems, since access control p...
AbstractThe rewrite-based approach provides executable specifications for security policies, which c...
Despite considerable advancements in the area of access control and authorization languages, current...
We present the design and implementation of a Certified Core Policy Language (ACCPL) that can be use...
Abstract. Access-control policies have grown from simple matrices to non-trivial specifications writ...
International audienceThe rewrite-based approach provides executable specifications for security pol...
Formal languages for policy have been developed for access control and confor-mance checking. In thi...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...