Data dependencies for access control policies.

Romuald Thion 1 Stéphane Coulondre 2
2 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : Access control policies are set of facts and rules that determine whether an access request should be granted or denied. Policies must satisfy a set of constraints to reflect some high level organization requirements. First-order logic has been advocated for some time as a suitable formal framework for access control policies. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we directly start by proposing to express access control constraints in an unified and generic way by mean of data dependencies. We show how to use well-founded procedures dedicated to dependencies (\emph{chases}) to enforce and reason on constrainted policies. Without requiring any rewriting previous to the inference process, our approach provide clean and intuitive debugging traces for security officers and is generic enough to capture expressive access control policies.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-00789909
Contributor : Daniel Le Métayer <>
Submitted on : Tuesday, February 19, 2013 - 9:18:25 AM
Last modification on : Wednesday, November 20, 2019 - 3:05:59 AM

Identifiers

  • HAL Id : hal-00789909, version 1

Citation

Romuald Thion, Stéphane Coulondre. Data dependencies for access control policies.. LID'09 - International Workshop on Logic in Databases, Oct 2009, Roskilde University, Denmark. pp.71-84. ⟨hal-00789909⟩

Share

Metrics

Record views

265