Lookup NU author(s): Dr Charles Morisset
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.
Author(s): Crampton J, Morisset C
Editor(s): Sjouke Mauw, Christian Damsgaard Jensen
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: 10th International Workshop on Security and Trust Management (STM 2014)
Year of Conference: 2014
Online publication date: 10/09/2014
Acceptance date: 01/01/1900
Library holdings: Search Newcastle University Library for this item