Graph-based specification formalisms for Access Control (AC) policies combine the advantages of an intuitive visual framework with a rigorous semantical foundation. A security policy framework specifies a set of (constructive) rules to build the system states and sets of positive and negative (declarative) constraints to specify wanted and unwanted substates. Models for AC (e.g. role-based, lattice-based or an access control list) have been specified in this framework elsewhere. Here we address the problem of inconsistent policies within this framework. Using formal properties of graph transformations, we can systematically detect inconsistencies between constraints, between rules and between a rule and a constraint and lay the foundation for their resolutions

Conflict Detection and Resolution in Access Control Policy Specifications / Koch, M.; Mancini, Luigi Vincenzo; PARISI PRESICCE, Francesco. - STAMPA. - 2303:(2002), pp. 223-237. (Intervento presentato al convegno 5th International Conference on Foundations of Software Science and Computation Structures tenutosi a Grenoble, France nel April 8-12, 2002) [10.1007/3-540-45931-6_16].

Conflict Detection and Resolution in Access Control Policy Specifications

MANCINI, Luigi Vincenzo;PARISI PRESICCE, Francesco
2002

Abstract

Graph-based specification formalisms for Access Control (AC) policies combine the advantages of an intuitive visual framework with a rigorous semantical foundation. A security policy framework specifies a set of (constructive) rules to build the system states and sets of positive and negative (declarative) constraints to specify wanted and unwanted substates. Models for AC (e.g. role-based, lattice-based or an access control list) have been specified in this framework elsewhere. Here we address the problem of inconsistent policies within this framework. Using formal properties of graph transformations, we can systematically detect inconsistencies between constraints, between rules and between a rule and a constraint and lay the foundation for their resolutions
2002
5th International Conference on Foundations of Software Science and Computation Structures
Access control; Security policy; Conflict detection and resolution; Formal properties; Graphic methods; Graph Transformation; Graph-based specification;
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Conflict Detection and Resolution in Access Control Policy Specifications / Koch, M.; Mancini, Luigi Vincenzo; PARISI PRESICCE, Francesco. - STAMPA. - 2303:(2002), pp. 223-237. (Intervento presentato al convegno 5th International Conference on Foundations of Software Science and Computation Structures tenutosi a Grenoble, France nel April 8-12, 2002) [10.1007/3-540-45931-6_16].
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/194983
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 28
  • ???jsp.display-item.citation.isi??? 13
social impact