2017
DOI: 10.1016/j.tcs.2016.10.018
|View full text |Cite
|
Sign up to set email alerts
|

A graph-based framework for the analysis of access control policies

Abstract: We design a graph-based framework for the analysis of access control policies that aims at easing the specification and verification tasks for security administrators. We consider policies in the category-based access control model, which has been shown to subsume many of the most well known access control models (e.g., MAC, DAC, RBAC). Using a graphical representation of category-based policies, we show how answers to usual administrator queries can be automatically computed, and properties of access control … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
10
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
4
2
1

Relationship

1
6

Authors

Journals

citations
Cited by 18 publications
(10 citation statements)
references
References 38 publications
0
10
0
Order By: Relevance
“…Assume that agent Alice is given a policy specifying that all actions are permitted along with the following pre-computed activity that is stored in her knowledge base as the set of facts: {activity(1), length (1,4) Before the control loop begins, Alice observes that she is in Room 1, Bob is in Room 4, the door d 34 is unlocked, and that she has not yet greeted Bob.…”
Section: Example A: Fortunate Casementioning
confidence: 99%
See 2 more Smart Citations
“…Assume that agent Alice is given a policy specifying that all actions are permitted along with the following pre-computed activity that is stored in her knowledge base as the set of facts: {activity(1), length (1,4) Before the control loop begins, Alice observes that she is in Room 1, Bob is in Room 4, the door d 34 is unlocked, and that she has not yet greeted Bob.…”
Section: Example A: Fortunate Casementioning
confidence: 99%
“…There have been several other attempts to enable agents to reason over various kinds of policies. However, these involve reasoning over access control policies only [7,17,1] and a few utilize ASP as a reasoning tool for this purpose [3,4]. Access control policies are more restrictive than the kinds of policies an agent using AOPL can reason over.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…Policy graphs [3,11] are graphs where nodes represent policy entities and edges denote links between entities. Labels are attached to nodes and edges, and store data (in the form of pairs attribute-value) of relevance for the policy.…”
Section: Cbda Policy Graphmentioning
confidence: 99%
“…A role is a particular case of category, and categories can also be defined on the basis of user, object or environment attributes, hence CBDA subsumes the popular RBAC [21] and ABAC models [14,16]. The graph-based policy representations we define generalise previous approaches [3,11] by including data sharing categories as a mechanism to link data and services.…”
Section: Related Workmentioning
confidence: 99%