Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems

Abstract : We present a modelling language, called X-Policy, for web-based collaborative systems with dynamic access control policies. The access to resources in these systems depends on the state of the system and its configuration. The X-Policy language models systems as a set of actions. These actions can model system operations which are executed by users. The X-Policy language allows us to specify execution permissions on each action using complex access conditions which can depend on data values, other permissions, and agent roles. We demonstrate that X-Policy is expressive enough to model collaborative conference management systems. We model the EasyChair conference management system and we reason about three security attacks on EasyChair.
Type de document :
Communication dans un congrès
Sara Foresti; Sushil Jajodia. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. Springer, Lecture Notes in Computer Science, LNCS-6166, pp.295-302, 2010, Data and Applications Security and Privacy XXIV. 〈10.1007/978-3-642-13739-6_20〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01056680
Contributeur : Hal Ifip <>
Soumis le : mercredi 20 août 2014 - 13:31:58
Dernière modification le : vendredi 11 août 2017 - 17:32:48
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 11:46:41

Fichier

_49.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Hasan Qunoo, Mark Ryan. Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems. Sara Foresti; Sushil Jajodia. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. Springer, Lecture Notes in Computer Science, LNCS-6166, pp.295-302, 2010, Data and Applications Security and Privacy XXIV. 〈10.1007/978-3-642-13739-6_20〉. 〈hal-01056680〉

Partager

Métriques

Consultations de la notice

76

Téléchargements de fichiers

46