Increasingly, access to resources needs to be regulated or informed by considerations such as risk, cost, and reputation. We therefore propose a framework for policy languages, based on semi-rings, that aggregate quantitative evidence to support decision-making in access control systems. As aggregation operators \addition", \worst case", and \best case" over non- negative reals are both relevant in practice and amenable to analysis, we study an instance, Peal, of our framework in that setting. Peal is a stand-alone policy language but can also be integrated with existing policy languages. Peal policies can be synthesized into logical formulae that no longer make reference to quantities but capture all policy behavior. Satis ability checking...
Many languages and algebras have been proposed in recent years for the specification of authorizatio...
International audienceAccess control policies are set of facts and rules that determine whether an a...
We propose a novel scheme for proving administrative role-based access control (ARBAC) policies corr...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
We describe a uniform logical framework, based on a bunched logic that combines classical additives ...
Access control to IT systems increasingly relies on the ability to compose policies. There is thus b...
AbstractGraph-based specification formalisms for access control (AC) policies combine the advantages...
Abstract. We argue that there will be an increasing future need for the design and implementation of...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
Although policy compliance testing is generally treated as a binary decision problem, the evidence g...
Although policy compliance testing is generally treated as a binary decision problem, the evidence g...
Access control has been proposed as the solution to prevent unauthorized accesses to sensitive sys...
Many languages and algebras have been proposed in recent years for the specification of authorizatio...
International audienceAccess control policies are set of facts and rules that determine whether an a...
We propose a novel scheme for proving administrative role-based access control (ARBAC) policies corr...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
We describe a uniform logical framework, based on a bunched logic that combines classical additives ...
Access control to IT systems increasingly relies on the ability to compose policies. There is thus b...
AbstractGraph-based specification formalisms for access control (AC) policies combine the advantages...
Abstract. We argue that there will be an increasing future need for the design and implementation of...
Abstract. Many languages and algebras have been proposed in recent years for the specification of au...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, ...
Although policy compliance testing is generally treated as a binary decision problem, the evidence g...
Although policy compliance testing is generally treated as a binary decision problem, the evidence g...
Access control has been proposed as the solution to prevent unauthorized accesses to sensitive sys...
Many languages and algebras have been proposed in recent years for the specification of authorizatio...
International audienceAccess control policies are set of facts and rules that determine whether an a...
We propose a novel scheme for proving administrative role-based access control (ARBAC) policies corr...