Data dependencies for access control policies. - Archive ouverte HAL Access content directly
Conference Papers Year : 2009

Data dependencies for access control policies.

(1) , (2)
1
2
Stéphane Coulondre

Abstract

Access control policies are set of facts and rules that determine whether an access request should be granted or denied. Policies must satisfy a set of constraints to reflect some high level organization requirements. First-order logic has been advocated for some time as a suitable formal framework for access control policies. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we directly start by proposing to express access control constraints in an unified and generic way by mean of data dependencies. We show how to use well-founded procedures dedicated to dependencies (\emph{chases}) to enforce and reason on constrainted policies. Without requiring any rewriting previous to the inference process, our approach provide clean and intuitive debugging traces for security officers and is generic enough to capture expressive access control policies.
Not file

Dates and versions

hal-00789909 , version 1 (19-02-2013)

Identifiers

  • HAL Id : hal-00789909 , version 1

Cite

Romuald Thion, Stéphane Coulondre. Data dependencies for access control policies.. LID'09 - International Workshop on Logic in Databases, Oct 2009, Roskilde University, Denmark. pp.71-84. ⟨hal-00789909⟩
156 View
0 Download

Share

Gmail Facebook Twitter LinkedIn More