Access control is one of the most common and versatile mechanisms used for information systems security enforcement. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative was proposed in the 90s, several access control models have been studied in the literature. An access control policy is an instance of a model. It defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect some high-level organization requirements. First-order logic has been advocated for some time as a suitable framework for access control models. Many frameworks have been proposed, focusing mainly on expressing complex access control models. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we make a clear distinction by proposing a logical framework focusing primarily on constraints, while keeping as much as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures in order to enforce and check constraints. Without requiring any rewriting previous to the inference process, these procedures provide clean and intuitive debugging traces for administrators. This approach is a step toward bridging the gap between general but hard to maintain formalisms and effective but insufficiently general ones.
Abstract. This paper focuses on two aspects of access control: graphical representation and reasoning. Access control policies describe which permissions are granted to users w.r.t. some resources. The Role-Based Access Control model introduces the concept of role to organize users' permissions. Currently, there is a need for tools allowing security officers to graphically describe and reason on role-based policies. Thanks to conceptual graphs (CGs) we can provide a consistent graphical formalism for Role-Based Access Control policies, which is able to deal with specific features of this access control model such as role hierarchy and constraints. Moreover, once a policy is modeled by CGs, graph rules and inference procedures can be used to reason on it. This allows security officers to understand why some permissions are granted or not and to detect whether security constraints are violated.