Abstract
Because it is difficult to predict access needs in advance and the limitations of formal policy languages it is difficult to completely define an access control policy ahead of the actual use. We suggest the use of an policy language which allows for override of denied access in some cases for increased flexibility. The overrides should be audited and we suggest that the access control policy can be used for finding the people who should perform the audit.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bandmann, O., Dam, M., Sadighi Firozabadi, B.: Constrained Delegations. In: Proceedings of 2002 IEEE Symposium on Security and Privacy (2002)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralised Trust Management. In: Proceedings of the 17th Symposium on Security and Privacy, pp. 164–173 (1996)
Firozabadi, B.S., Sergot, M.J., Bandmann, O.: Using authority certificates to create management structures. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2001. LNCS, vol. 2467, pp. 134–145. Springer, Heidelberg (2002)
Sadighi Firozabadi, B., Sergot, M.: Power and Permission in Security Systems. In: Proceedings of Security Protocols 7th International Workshop, pp. 48–53 (1999)
Jaffee, D.: Organization Theory: Tension and Change 99 (2001)
Li, G., Feigenbaum: A Logic-based Knowledge Representation for Authorization with Delegation. In: Proceedings of The 12th Computer Security Foundations Workshop (1999)
Odlyzko, A.M.: Economics, psychology, and sociology of security. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 182–189. Springer, Heidelberg (2003)
Povey, D.: Optimistic security: a new access control paradigm. In: Proceedings of the 1999 workshop on New security paradigms, pp. 40–45 (2000)
Povey, D.: Enforcing Well-Formed and Partially Formed Transactions for UNIX. In: Proceedings of the 8th USENIX Security Symposium, pp. 47–62 (1999)
Stevens, G., Wulf, V.: A new dimension in access control: studying maintenance engineering across organizational boundaries. In: Proceedings of the 2002 ACM conference on Computer supported cooperative work, pp. 196–205 (2002)
Jaeger, T., Edwards, A., Zhang, X.: Managing access control policies using access control spaces. In: Proceedings of the seventh ACM symposium on Access control models and technologies, pp. 3–12 (2002)
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rissanen, E., Firozabadi, B.S., Sergot, M. (2006). Towards a Mechanism for Discretionary Overriding of Access Control. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2004. Lecture Notes in Computer Science, vol 3957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11861386_38
Download citation
DOI: https://doi.org/10.1007/11861386_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40925-0
Online ISBN: 978-3-540-40926-7
eBook Packages: Computer ScienceComputer Science (R0)