Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems

Abstract : We present a modelling language, called X-Policy, for web-based collaborative systems with dynamic access control policies. The access to resources in these systems depends on the state of the system and its configuration. The X-Policy language models systems as a set of actions. These actions can model system operations which are executed by users. The X-Policy language allows us to specify execution permissions on each action using complex access conditions which can depend on data values, other permissions, and agent roles. We demonstrate that X-Policy is expressive enough to model collaborative conference management systems. We model the EasyChair conference management system and we reason about three security attacks on EasyChair.
Document type :
Conference papers
Complete list of metadatas

Cited literature [11 references]  Display  Hide  Download

https://hal.inria.fr/hal-01056680
Contributor : Hal Ifip <>
Submitted on : Wednesday, August 20, 2014 - 1:31:58 PM
Last modification on : Friday, August 11, 2017 - 5:32:48 PM
Long-term archiving on : Thursday, November 27, 2014 - 11:46:41 AM

File

_49.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Hasan Qunoo, Mark Ryan. Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. pp.295-302, ⟨10.1007/978-3-642-13739-6_20⟩. ⟨hal-01056680⟩

Share

Metrics

Record views

103

Files downloads

106