The Set and Function Approach to Modeling Authorization in Distributed Systems
We present a new model that provides clear and precise semantics for authorization. The semantics are independent of the underlying security mechanisms and separate from implementation. The model is capable of representing existing access control mechanisms. Our approach is based on a set and function formalism. We focus on identifying issues and use our model as a general basis for investigating them.
Keywords: Access Control, Policy Statement, Security Policy, Access Control Policy, Access Control Model