Formal foundations for access control policies with both authority delegation and policy composition operators are partial and limited. Correctness guarantees cannot therefore be formally stated and verified for decentralized composite access control systems, such as those based on XACML 3. To address this problem we develop a formal policy language BelLog that can express both delegation and composition operators. We illustrate, through examples, how BelLog can be used to specify practical policies. Moreover, we present an analysis framework for reasoning about BelLog policies and we give decidability and complexity results for policy entailment and policy containment in BelLog
We present a formal (model-based) approach to de-scribing and analysing access control policies. Thi...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Access control systems are widely used means for the protection of computing systems. They are defin...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...
Despite considerable advancements in the area of access control and authorization languages, current...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
We present the design and implementation of a Certified Core Policy Language (ACCPL) that can be use...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
Abstract. Many frameworks for defining authorization policies fail to make a clear distinction betwe...
Many languages and algebras have been proposed in recent years for the specification of authorizatio...
This chapter presents the results of the research on how the current standards for access control po...
With the advances in web service techniques, new collaborative applications have emerged like supply...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
We present a formal (model-based) approach to de-scribing and analysing access control policies. Thi...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Access control systems are widely used means for the protection of computing systems. They are defin...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...
Despite considerable advancements in the area of access control and authorization languages, current...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
We present the design and implementation of a Certified Core Policy Language (ACCPL) that can be use...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
Abstract. Many frameworks for defining authorization policies fail to make a clear distinction betwe...
Many languages and algebras have been proposed in recent years for the specification of authorizatio...
This chapter presents the results of the research on how the current standards for access control po...
With the advances in web service techniques, new collaborative applications have emerged like supply...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
We present a formal (model-based) approach to de-scribing and analysing access control policies. Thi...
Despite considerable advancements in the area of access control and authorization languages, cur-ren...
Access control systems are widely used means for the protection of computing systems. They are defin...