Graph-based specification formalisms for access control (AC) policies combine the advantages of an intuitive visual framework with a rigorous semantical foundation that allows the detailed comparison of different policy models. A security policy framework specifies a set of (constructive) rules to build the system states and sets of positive and negative (declarative) constraints to specify wanted and unwanted substates. Several models for AC (e.g. role-based, lattice-based or an access control list) can be specified in this framework. The framework is used for an accurate analysis of the interaction between policies and of the behavior of their integration with respect to the problem of inconsistent policies. Using formal properties of graph transformations, it is possible to systematically detect inconsistencies between constraints, between rules and between a rule and a constraint and lay the foundation for their resolutions. (C) 2004 Elsevier Inc. All rights reserved.

Graph-based specification of access control policies / Manuel, Koch; Mancini, Luigi Vincenzo; PARISI PRESICCE, Francesco. - In: JOURNAL OF COMPUTER AND SYSTEM SCIENCES. - ISSN 0022-0000. - PRINT. - 71:1(2005), pp. 1-33. [10.1016/j.jcss.2004.11.002]

Graph-based specification of access control policies

MANCINI, Luigi Vincenzo;PARISI PRESICCE, Francesco
2005

access control; conflict detection; consistency; graph transformation; graphical constraints; policy verification; security
01 Journal publication::01a Journal article

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/239902
Warning! The data displayed have not been validated by the university.

Citations
  • PMC: ND
  • Scopus: 40
  • ISI: 33