Although different organizations operate under different requirements for protection of their data, increasingly there is a need for organizations to connect their computing resources together to achieve common goals. The fundamental problem addressed in this paper is to capture the algebra used in composing access control policies of collaborating organizations. In doing so, we seek a framework that can be viewed at many levels of abstraction (such as abstract vs. explicit or propositional vs. predicate), independent of implementation mechanisms and environments, and is expressive enough to model existing practices of policy compositions.Propositional version consists of a syntax where policies are viewed as abstract symbols, and semantics consists of authorization state transformers, where an authorization state is a collection of (subject, object, access set) triples and a set of propositions satisfied by them. Syntactic rules are provided to simplify policy expressions without knowing their semantics, thereby supporting algebraic manipulations of uninterpreted policies. Because our algebra is at an abstract level, it can model any policy independent of the language that is used to implement it. We show how to reason about completeness, consistency, unambiguity and of abstractly specified policies and their semantic equivalence.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	B.Alper and F.B.Schneider.De .ning live ess. Information Processing Letters ,21(4):181 -185, October 1985.
	2	B.Alpern a d F.B.Sch eider.Recognizing safety a d liveness.Distribute Computing ,2:117 -126,1987.
	3	Yun Bai , Vijay Varadharajan, A Logic For State Transformations in Authorization Policies, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.173, June 10-12, 1997
	4	B.T.Blaustein et al.A model of secure federated data manageme t.Technical report,The MITRE Corporation,1991.
	5	Piero Bonatti , Sabrina de Capitani di Vimercati , Pierangela Samarati, A modular approach to composing access control policies, Proceedings of the 7th ACM conference on Computer and communications security, p.164-173, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352623]
	6	Ashok K. Chandra , Dexter C. Kozen , Larry J. Stockmeyer, Alternation, Journal of the ACM (JACM), v.28 n.1, p.114-133, Jan. 1981  [doi>10.1145/322234.322243]
	7	V.D.Gilgor,S.I.Gavrila,a d D.Ferraiolo.O the formal de .nitio of separatio -of-duty policies and their compositio s.In IEEE Computer Society Symposium on Research in Security an Privacy , pages 173 -181,1998.
	8	David Harel, Statecharts: A visual formalism for complex systems, Science of Computer Programming, v.8 n.3, p.231-274, June 1, 1987  [doi>10.1016/0167-6423(87)90035-9]
	9	S.Jajodia,M.Kudo,and V.S.Subrahmania . Provisional authorizatio s.In A.Ghosh,editor, Recent A vances in Secure and Private E-Commerce . Kluwer Academic Publishers,Bosto ,2001.
	10	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
	11	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	12	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
	13	Dexter Kozen, Language-Based Security, Cornell University, Ithaca, NY, 1999
	14	John McLean, A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions, Proceedings of the 1994 IEEE Symposium on Security and Privacy, p.79, May 16-18, 1994
	15	John McLean, A General Theory of Composition for a Class of "Possibilistic" Properties, IEEE Transactions on Software Engineering, v.22 n.1, p.53-67, January 1996  [doi>10.1109/32.481534]
	16	J.McLean.Algebra of security.I Proc.IEEE Symp. on Security and Privacy ,pages 2 -7,Oakland,CA, May 1998.
	17	F.B.Sch eider.E forceable security policies. Tech ical Report TR 98-1664,Departme t of Computer Science,Cornell U iversity,1998.
	18	Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.183, June 10-12, 1997