2001
DOI: 10.1145/383891.383894
|View full text |Cite
|
Sign up to set email alerts
|

Flexible support for multiple access control policies

Abstract: Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can actually be applied within a given system. In this paper, we present a unified framework that can enforce multiple access control policies withinThe work of S.

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

3
400
0
2

Year Published

2003
2003
2017
2017

Publication Types

Select...
4
3
2

Relationship

2
7

Authors

Journals

citations
Cited by 495 publications
(405 citation statements)
references
References 28 publications
(41 reference statements)
3
400
0
2
Order By: Relevance
“…The global authorisations and prohibitions (axioms (f 1) and (g1)) are obtained by composing the local relations, using the operators OP par and OP bar , respectively, which are application-dependent. For example, in some applications a request should be denied if any of the component policies denies it (i.e., a "deny takes precedence principle" [34] applies), whereas in other cases, grant takes precedence. A "first-applicable" principle takes a list of policies and returns the answer corresponding to the first policy that produces grant or deny (it returns undetermined only if no policy in the list returns grant or deny).…”
Section: Preliminaries: Category-based Access Control Policiesmentioning
confidence: 99%
See 1 more Smart Citation
“…The global authorisations and prohibitions (axioms (f 1) and (g1)) are obtained by composing the local relations, using the operators OP par and OP bar , respectively, which are application-dependent. For example, in some applications a request should be denied if any of the component policies denies it (i.e., a "deny takes precedence principle" [34] applies), whereas in other cases, grant takes precedence. A "first-applicable" principle takes a list of policies and returns the answer corresponding to the first policy that produces grant or deny (it returns undetermined only if no policy in the list returns grant or deny).…”
Section: Preliminaries: Category-based Access Control Policiesmentioning
confidence: 99%
“…All of these extensions can be seen as instances of the more abstract CBAC model. The Generalised TRBAC model [36] and ASL [34] are related to CBAC in that they aim at providing a general framework for the definition of policies. However, they focus essentially on the notion of users, groups and roles (interpreted as being synonymous with the notion of job function).…”
Section: Related Workmentioning
confidence: 99%
“…This formal approach is much less pragmatic than that motivated in first by the use and administration of access control. A multiple logical frameworks are proposed to model access control [14], [15], [16], [17], [18], [19], [4]. …”
Section: Graphical Interface To Define the Role Of A Usermentioning
confidence: 99%
“…Again, these access control models target a centralized environment. Jajodia et al [14] present several possibilities for deriving access rights, but their model misses a temporal component and applies only to centralized environments.…”
Section: Related Workmentioning
confidence: 99%