Skip to main content
SpringerLink
Log in

Towards a Mechanism for Discretionary Overriding of Access Control

  • Conference paper
Book cover Security Protocols (Security Protocols 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3957))

Included in the following conference series:

Abstract

Because it is difficult to predict access needs in advance and the limitations of formal policy languages it is difficult to completely define an access control policy ahead of the actual use. We suggest the use of an policy language which allows for override of denied access in some cases for increased flexibility. The overrides should be audited and we suggest that the access control policy can be used for finding the people who should perform the audit.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bandmann, O., Dam, M., Sadighi Firozabadi, B.: Constrained Delegations. In: Proceedings of 2002 IEEE Symposium on Security and Privacy (2002)

    Google Scholar 

  2. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralised Trust Management. In: Proceedings of the 17th Symposium on Security and Privacy, pp. 164–173 (1996)

    Google Scholar 

  3. Firozabadi, B.S., Sergot, M.J., Bandmann, O.: Using authority certificates to create management structures. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2001. LNCS, vol. 2467, pp. 134–145. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  4. Sadighi Firozabadi, B., Sergot, M.: Power and Permission in Security Systems. In: Proceedings of Security Protocols 7th International Workshop, pp. 48–53 (1999)

    Google Scholar 

  5. Jaffee, D.: Organization Theory: Tension and Change 99 (2001)

    Google Scholar 

  6. Li, G., Feigenbaum: A Logic-based Knowledge Representation for Authorization with Delegation. In: Proceedings of The 12th Computer Security Foundations Workshop (1999)

    Google Scholar 

  7. Odlyzko, A.M.: Economics, psychology, and sociology of security. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 182–189. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Povey, D.: Optimistic security: a new access control paradigm. In: Proceedings of the 1999 workshop on New security paradigms, pp. 40–45 (2000)

    Google Scholar 

  9. Povey, D.: Enforcing Well-Formed and Partially Formed Transactions for UNIX. In: Proceedings of the 8th USENIX Security Symposium, pp. 47–62 (1999)

    Google Scholar 

  10. Stevens, G., Wulf, V.: A new dimension in access control: studying maintenance engineering across organizational boundaries. In: Proceedings of the 2002 ACM conference on Computer supported cooperative work, pp. 196–205 (2002)

    Google Scholar 

  11. Jaeger, T., Edwards, A., Zhang, X.: Managing access control policies using access control spaces. In: Proceedings of the seventh ACM symposium on Access control models and technologies, pp. 3–12 (2002)

    Google Scholar 

  12. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

Download references

Author information

Authors and Affiliations

  1. Swedish Institute of Computer Science, Sweden

    Erik Rissanen & Babak Sadighi Firozabadi

  2. Department of Computing, Imperial College of Science, Technology and Medicine, University of London, UK

    Marek Sergot

Authors
  1. Erik Rissanen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Babak Sadighi Firozabadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marek Sergot
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, University of Hertfordshire, UK

    Bruce Christianson

  2. Computer Systems Group, Vrije Universiteit, Amsterdam, The Netherlands

    Bruno Crispo

  3. Georgia Institute of Technology, Atlanta, GA, USA

    James A. Malcolm

  4. Microsoft Research, Cambridge, UK

    Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rissanen, E., Firozabadi, B.S., Sergot, M. (2006). Towards a Mechanism for Discretionary Overriding of Access Control. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2004. Lecture Notes in Computer Science, vol 3957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11861386_38

Download citation

  • DOI: https://doi.org/10.1007/11861386_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40925-0

  • Online ISBN: 978-3-540-40926-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation