The Set and Function Approach to Modeling Authorization in Distributed Systems

  • Tatyana Ryutov
  • Clifford Neuman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2052)


We present a new model that provides clear and precise semantics for authorization. The semantics is independent from underling security mechanisms and is separate from implementation. The model is capable of representing existing access control mechanisms. Our approach is based on set and function formalism. We focus our attention on identifying issues and use our model as a general basis to investigate the issues.


Access Control Policy Statement Security Policy Access Control Policy Access Control Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Burrows, M., Lampson, B. and Plotkin, G.: A calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, Vol. 15,No 4 (September 1993) 706–734CrossRefGoogle Scholar
  2. 2.
    Gail-Joon Ahn and Sandhu, R.: The RSL99 Language for Role-Based Separation of Duty Constraints. ACM Workshop on Role-Based Access Control (1999) 43–54Google Scholar
  3. 3.
    Bertino, E. and Jajodia, S.: Supporting Multiple Access Control Policies in Database Systems. Proceedings of the 1996 IEEE Symposium on Security and Privacy (1996)Google Scholar
  4. 4.
    Blaze, M., Feigenbaum, J. and Lacy, J.: Decentralized Trust Management. Proceedings IEEE Symposium on Security and Privacy, IEEE Computer Press, Los Angeles (1996) 164–173Google Scholar
  5. 5.
    Blaze, M., Feigenbaum, J., Strauss, M.: Compliance Checking in the Policy Maker Trust Management System. In Proceedings of the Financial Cryptography’ 98, Lecture Notes in Computer Science, Vol. 1465 254–274CrossRefGoogle Scholar
  6. 6.
    Brewer, D.F.C. and Nash, M.J.: The Chinese Wall Security Policy. Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages (1989) 206–214Google Scholar
  7. 7.
    Jajodia, S., Samarati, P. and Subrahmanian, V.S.: A logical Language for Expressing Authorizations. Proceedings of the 1997 IEEE Symposium on Security and Privacy (1997)Google Scholar
  8. 8.
    Lampson, B.: Protection. ACM Operation System review 8(1) (January 1974) 18–24CrossRefGoogle Scholar
  9. 9.
    Lukasiewicz, J.: On Three-Valued Logic. 1920. RuchFilozoficzny 1920, 5, pp.170–1. Englishtr anslation in Borkowski, L. (ed.) Jan Lukasiewicz: Selected Works. Amsterdam: North Holland (1970)Google Scholar
  10. 10.
    Massimo, A., Cazzola, W., Fernandez, E.B.: A History-Dependent Access Control Mechanism Using Reflection Proceedings of 5thECOOP Workshop on Mobile Object Systems (EWMOS’99), (June 1999)Google Scholar
  11. 11.
    Moffet, J.D. and Sloman, M.S.: The representation of Policies as System objects. Proceedings of the ACM Conference on Organizational Computing Systems, Atlanta, GA (November 1991) 171–184Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Tatyana Ryutov
    • 1
  • Clifford Neuman
    • 1
  1. 1.Information Sciences Institute University of Southern CaliforniaMarina del ReyUSA

Personalised recommendations