ABSTRACT
Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main characteristics of access control specification languages and compare such languages on the basis of those characteristics.