Abstract
In a multi-user information-sharing system, an authorization policy provides the ability to limit and control access to system, applications and information. In the real world, an authorization policy has temporal properties. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformations of the authorization policies. In this paper, we propose a logic-based approach to specify and to reason about state transformations in authorization policies. An authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend the model-based semantics by introducing preference ordering to resolve possible conflicts during the transformation of policies. We also discuss the implementation of the model-based transformation approach and outline the relevant algorithms.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 10th Computer Security Foundations Workshop, CSFW 1997 |
| Publisher | IEEE Computer Society |
| Pages | 173-182 |
| Number of pages | 10 |
| ISBN (Electronic) | 0818679905 |
| DOIs | |
| Publication status | Published - 1997 |
| Event | 10th IEEE Computer Security Foundations Workshop, CSFW 1997 - Rockport, United States Duration: 10 Jun 1997 → 12 Jun 1997 |
Publication series
| Name | Proceedings - IEEE Computer Security Foundations Symposium |
|---|---|
| ISSN (Print) | 1940-1434 |
Conference
| Conference | 10th IEEE Computer Security Foundations Workshop, CSFW 1997 |
|---|---|
| Country/Territory | United States |
| City | Rockport |
| Period | 10/06/97 → 12/06/97 |
Bibliographical note
Publisher Copyright:© 1997 IEEE.