Data dependencies for access control policies.

Romuald Thion 1 Stéphane Coulondre 2
2 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : Access control policies are set of facts and rules that determine whether an access request should be granted or denied. Policies must satisfy a set of constraints to reflect some high level organization requirements. First-order logic has been advocated for some time as a suitable formal framework for access control policies. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we directly start by proposing to express access control constraints in an unified and generic way by mean of data dependencies. We show how to use well-founded procedures dedicated to dependencies (\emph{chases}) to enforce and reason on constrainted policies. Without requiring any rewriting previous to the inference process, our approach provide clean and intuitive debugging traces for security officers and is generic enough to capture expressive access control policies.
Type de document :
Communication dans un congrès
Leopoldo Bertossi and Henning Christiansen. LID'09 - International Workshop on Logic in Databases, Oct 2009, Roskilde University, Denmark. 127, pp.71-84, 2009, Computer Science Research Report
Liste complète des métadonnées

https://hal.inria.fr/hal-00789909
Contributeur : Daniel Le Métayer <>
Soumis le : mardi 19 février 2013 - 09:18:25
Dernière modification le : vendredi 10 novembre 2017 - 01:19:38

Identifiants

  • HAL Id : hal-00789909, version 1

Citation

Romuald Thion, Stéphane Coulondre. Data dependencies for access control policies.. Leopoldo Bertossi and Henning Christiansen. LID'09 - International Workshop on Logic in Databases, Oct 2009, Roskilde University, Denmark. 127, pp.71-84, 2009, Computer Science Research Report. 〈hal-00789909〉

Partager

Métriques

Consultations de la notice

131