Abstract
A formal language to specify authorization policies and their transformations has been proposed in [1]. The authorization policy was specified using a policy base which consisted of a finite set of facts and a finite set of access constraints. In this paper, we modify the language to consider a sequence of authorization policy transformations. The syntax and semantics of the modified authorization policy language are presented. The central issue addressed in this paper is as follows: given a policy base and a sequence of transformations, what is the resulting policy base after performing the sequence of transformations? The language is able to represent incomplete information and allows denials to be expressed explicitly. We also use the proposed language to specify a variety of well-known access control policies such as static separation of duty, dynamic separation of duty and the Chinese wall security policy.
References
Y. Bai and V. Varadharajan, A logic for state transformations in authorization policies. In the Proceedings of the 10th IEEE Computer Security Foundations Workshop, pp 173–182, Massachusetts, June, 1997.
Y. Bai and V. Varadharajan, An Authorization Policy Language: Syntax and Semantics, Department of Computing, University of Western Sydney, Nepean, May 1997.
D.F.C. Brewer and M.J. Nash, The Chinese wall security policy. In Proceedings of IEEE Symposium on Security and Privacy, pp 215–228, Oakland, May 1989.
T.S-C. Chou and M. Winslett, Immortal: a Model-based Belief Revision System. In the 2nd International Conference on Principles of Knowledge Representation and Reasoning, Morgan Kaufmann Publishers Inc., pp 99–110, 1991.
R.S. Sandhu and S. Ganta, On the Minimality of Testing for Rights in Transformation Models. In Proceedings of IEEE Symposium on Research in Security and Privacy, pp 230–241, 1994.
Copyright information
© 1997 Springer-Verlag
About this paper
Cite this paper
Bai, Y., Varadharajan, V. (1997). A language for specifying sequences of authorization transformations and its applications. In: Han, Y., Okamoto, T., Qing, S. (eds) Information and Communications Security. ICICS 1997. Lecture Notes in Computer Science, vol 1334. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028460
DOI: https://doi.org/10.1007/BFb0028460
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63696-0
Online ISBN: 978-3-540-69628-5
eBook Packages: Springer Book Archive