Qun Ni
Elisa Bertino
Jorge Lobo
ABSTRACT
This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of policy languages decision mechanisms, and the development of tools for policy authoring and enforcement.
- P. Ashley, S. Hada, G. Karjoth, and M. Schunter. E-p3p privacy policies and privacy authorization. In WPES, pages 103--109, 2002. Google Scholar
Digital Library
- M. Backes, M. Dürmuth, and R. Steinwandt. An algebra for composing enterprise privacy policies. In P. Samarati, P. Y. A. Ryan, D. Gollmann, and R. Molva, editors, ESORICS, volume 3193 of Lecture Notes in Computer Science, pages 33--52. Springer, 2004.Google Scholar
- M. Backes, B. Pfitzmann, and M. Schunter. A toolkit for managing enterprise privacy policies. In E. Snekkenes and D. Gollmann, editors, ESORICS, volume 2808 of Lecture Notes in Computer Science, pages 162--180. Springer, 2003.Google Scholar
- A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. In SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pages 184--198, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarDigital Library
- P. A. Bonatti, S. D. C. di Vimercati, and P. Samarati. A modular approach to composing access control policies. In ACM Conference on Computer and Communications Security, pages 164--173, 2000. Google ScholarDigital Library
- P. A. Bonatti, S. D. C. di Vimercati, and P. Samarati. An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur., 5(1):1--35, 2002. Google ScholarDigital Library
- G. Bruns, D. S. Dantas, and M. Huth. A simple and expressive semantic framework for policy composition in access control. In P. Ning, V. Atluri, V. D. Gligor, and H. Mantel, editors, FMSE, pages 12--21. ACM, 2007. Google ScholarDigital Library
- G. Bruns and M. Huth. Access-control policies via belnap logic: Effective and efficient composition and analysis. In CSF, pages 163--176. IEEE Computer Society, 2008. Google ScholarDigital Library
- C. C. Chang. Algebraic analysis of many valued logics. Transactions of the American Mathematical Society, 88(2):467--490, jul 1958.Google ScholarCross Ref
- C. C. Chang. A new proof of the completeness of the lukasiewicz axioms. Transactions of the American Mathematical Society, 93(1):74--80, 1959.Google Scholar
- M. Fitting. Kleene's logic, generalized. J. Log. Comput., 1(6):797--810, 1991.Google ScholarCross Ref
- R. L. Graham. On n-valued functionally complete truth functions. The Journal of Symbolic Logic, 32(2):190--195, 1967.Google ScholarCross Ref
- W. H. Jobe. Functional completeness and canonical forms in many-valued logics. The Journal of Symbolic Logic, 27(4):409--422, 1962.Google ScholarCross Ref
- J. Lukasiewicz. O logice trojwartosciowej. Ruch filozoficzny, 5:170--171, 1920.Google Scholar
- J. Lukasiewicz. Aristotle's Syllogistic from the Standpoint of Modern Formal Logic. Garland Pub., New York, USA, first edition, 1987.Google Scholar
- N. M. Martin. The sheffer functions of 3-valued logic. The Journal of Symbolic Logic, 19(1):45--51, 1954.Google ScholarCross Ref
- R. McNaughton. A theorem about infinite-valued sentential logic. The Journal of Symbolic Logic, 16(1):1--13, 1951.Google ScholarCross Ref
- OASIS. eXtensible Access Control Markup Language (XACML) 2.0. Available at http://www.oasis-open.org/.Google Scholar
- D. Raub and R. Steinwandt. An algebra for enterprise privacy policies closed under composition and conjunction. In ETRICS, pages 130--144, 2006. Google ScholarDigital Library
- A. Rose and J. B. Rosser. Fragments of many-valued statement calculi. Transactions of the American Mathematical Society, 87(1):1--53, 1958.Google ScholarCross Ref
- J. B. Rosser and A. R. Turquette. Many-Valued Logics. North-Holland Publishing Co., Amsterdam, Netherland, first edition, 1952.Google Scholar
- D. Wijesekera and S. Jajodia. Policy algebras for access control: the propositional case. In ACM Conference on Computer and Communications Security, pages 38--47, 2001. Google ScholarDigital Library
- D. Wijesekera and S. Jajodia. A propositional policy algebra for access control. ACM Trans. Inf. Syst. Secur., 6(2):286--325, 2003. Google ScholarDigital Library
Index Terms
- D-algebra for composing access control policy decisions
Recommendations
An algebra for composing access control policies
Despite considerable advancements in the area of access control and authorization languages, current approaches to enforcing access control are all based on monolithic and complete specifications. This assumption is too restrictive when access control ...
A propositional policy algebra for access control
Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources,...
Policy algebras for access control: the propositional case
CCS '01: Proceedings of the 8th ACM conference on Computer and Communications SecurityAlthough different organizations operate under different requirements for protection of their data, increasingly there is a need for organizations to connect their computing resources together to achieve common goals. The fundamental problem addressed ...
Comments