D-algebra for composing access control policy decisions

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

D-algebra for composing access control policy decisions

Full text

Pdf (1.22 MB)

Source

ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security table of contents

Sydney, Australia

SESSION: Security policies and verification table of contents

Pages 298-309

Year of Publication: 2009

ISBN:978-1-60558-394-5

Authors

Qun Ni	Purdue University
Elisa Bertino	Purdue University
Jorge Lobo	IBM T.J. Watson

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 16, Downloads (12 Months): 65, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1533057.1533097 What is a DOI?

ABSTRACT

This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of policy languages decision mechanisms, and the development of tools for policy authoring and enforcement.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Paul Ashley , Satoshi Hada , Günter Karjoth , Matthias Schunter, E-P3P privacy policies and privacy authorization, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.103-109, November 21-21, 2002, Washington, DC [doi>10.1145/644527.644538]
	2	M. Backes, M. Dürmuth, and R. Steinwandt. An algebra for composing enterprise privacy policies. In P. Samarati, P. Y. A. Ryan, D. Gollmann, and R. Molva, editors, ESORICS, volume 3193 of Lecture Notes in Computer Science, pages 33--52. Springer, 2004.
	3	M. Backes, B. Pfitzmann, and M. Schunter. A toolkit for managing enterprise privacy policies. In E. Snekkenes and D. Gollmann, editors, ESORICS, volume 2808 of Lecture Notes in Computer Science, pages 162--180. Springer, 2003.
	4	Adam Barth , Anupam Datta , John C. Mitchell , Helen Nissenbaum, Privacy and Contextual Integrity: Framework and Applications, Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.184-198, May 21-24, 2006 [doi>10.1109/SP.2006.32]
	5	Piero Bonatti , Sabrina de Capitani di Vimercati , Pierangela Samarati, A modular approach to composing access control policies, Proceedings of the 7th ACM conference on Computer and communications security, p.164-173, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352623]
	6	Piero Bonatti , Sabrina De Capitani di Vimercati , Pierangela Samarati, An algebra for composing access control policies, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.1-35, February 2002 [doi>10.1145/504909.504910]
	7	Glenn Bruns , Daniel S Dantas , Michael Huth, A simple and expressive semantic framework for policy composition in access control, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.12-21, November 02-02, 2007, Fairfax, Virginia, USA [doi>10.1145/1314436.1314439]
	8	Glenn Bruns , Michael Huth, Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis, Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium, p.163-176, June 23-25, 2008 [doi>10.1109/CSF.2008.10]
	9	C. C. Chang. Algebraic analysis of many valued logics. Transactions of the American Mathematical Society, 88(2):467--490, jul 1958.
	10	C. C. Chang. A new proof of the completeness of the lukasiewicz axioms. Transactions of the American Mathematical Society, 93(1):74--80, 1959.
	11	M. Fitting. Kleene's logic, generalized. J. Log. Comput., 1(6):797--810, 1991.
	12	R. L. Graham. On n-valued functionally complete truth functions. The Journal of Symbolic Logic, 32(2):190--195, 1967.
	13	W. H. Jobe. Functional completeness and canonical forms in many-valued logics. The Journal of Symbolic Logic, 27(4):409--422, 1962.
	14	J. Lukasiewicz. O logice trojwartosciowej. Ruch filozoficzny, 5:170--171, 1920.
	15	J. Lukasiewicz. Aristotle's Syllogistic from the Standpoint of Modern Formal Logic. Garland Pub., New York, USA, first edition, 1987.
	16	N. M. Martin. The sheffer functions of 3-valued logic. The Journal of Symbolic Logic, 19(1):45--51, 1954.
	17	R. McNaughton. A theorem about infinite-valued sentential logic. The Journal of Symbolic Logic, 16(1):1--13, 1951.
	18	OASIS. eXtensible Access Control Markup Language (XACML) 2.0. Available at http://www.oasis-open.org/.
	19	D. Raub and R. Steinwandt. An algebra for enterprise privacy policies closed under composition and conjunction. In ETRICS, pages 130--144, 2006.
	20	A. Rose and J. B. Rosser. Fragments of many-valued statement calculi. Transactions of the American Mathematical Society, 87(1):1--53, 1958.
	21	J. B. Rosser and A. R. Turquette. Many-Valued Logics. North-Holland Publishing Co., Amsterdam, Netherland, first edition, 1952.
	22	Duminda Wijesekera , Sushil Jajodia, Policy algebras for access control: the propositional case, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.501990]
	23	Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003 [doi>10.1145/762476.762481]