A Notation for Policies Using Feature Structures

  • Kunihiko Fujita
  • Yasuyuki Tsukada
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6514)


New security and privacy enhancing technologies are demanded in the new information and communication environments where a huge number of computers interact with each other in a distributed and ad hoc manner to access various resources. In this paper, we focus on access control because this is the underlying core technology to enforce security and privacy. Access control decides permit or deny according to access control policies. Since notations of policies are specialized in each system, it is difficult to ensure consistency of policies that are stated in different notations. In this paper, we propose a readable notation for policies by adopting the concept of feature structures, which has mainly been used for parsing in natural language processing. Our proposed notation is also logically well-founded, which guarantees strict access control decisions, and expressive in that it returns not only a binary value of permit or deny but also various result values through the application of partial order relations of the security risk level. We illustrate the effectiveness of our proposed method using examples from P3P.


Access Control Privacy Policy Logical Formula Access Control Policy Access Control Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Capretta, V., Stepien, B., Felty, A., Matwin, S.: Formal correctness of conflict detection for firewalls. In: Proceedings of the 2007 ACM Workshop on Formal Methods in Security Engineering, FMSE 2007, pp. 22–30. ACM, New York (2007)CrossRefGoogle Scholar
  2. 2.
    Cranor, L.: P3P: Making privacy policies more useful. IEEE Security & Privacy 1(6), 50–55 (2003)CrossRefGoogle Scholar
  3. 3.
    Denning, D.E.: A lattice model of secure information flow. ACM Commun. 19(5), 236–243 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur. 11(4), 1–41 (2008)CrossRefGoogle Scholar
  5. 5.
    Karjoth, G., Schunter, M., Herreweghen, E.V., Waidner, M.: Amending P3P for clearer privacy promises. In: Proceedings of the 14th International Workshop on Database and Expert Systems Applications, DEXA 2003, pp. 445–449. IEEE Computer Society, Washington, DC (2003)Google Scholar
  6. 6.
    Kasper, R.T., Rounds, W.C.: A logical semantics for feature structures. In: Proceedings of the 24th Annual Meeting on Association for Computational Linguistics, pp. 257–266. Association for Computational Linguistics, Morristown (1986)CrossRefGoogle Scholar
  7. 7.
    May, M.J., Gunter, C.A., Lee, I., Zdancewic, S.: Strong and weak policy relations. In: Proceedings of the 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, pp. 33–36. IEEE Computer Society, Washington, DC (2009)CrossRefGoogle Scholar
  8. 8.
    Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware role based access control. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, SACMAT 2007, pp. 41–50. ACM, New York (2007)Google Scholar
  9. 9.
    Organization for the Advancement of Structured Information Standards (OASIS): Extensible Access Control Markup Language (XACML),
  10. 10.
    Sandhu, R.S.: Lattice-based access control models. Computer 26(11), 9–19 (1993)CrossRefGoogle Scholar
  11. 11.
    Walker, D.D., Mercer, E.G., Seamons, K.E.: Or best offer: A privacy policy negotiation protocol. In: Proceedings of the 2008 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2008, pp. 173–180. IEEE Computer Society, Washington, DC (2008)Google Scholar
  12. 12.
    World Wide Web Consortium (W3C): P3P: The Platform for Privacy Preferences,

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Kunihiko Fujita
    • 1
  • Yasuyuki Tsukada
    • 1
  1. 1.NTT Communication Science LaboratoriesNTT CorporationAtsugi-shiJapan

Personalised recommendations