Access Control Policies and Languages Access Control Policies and Languages
نویسندگان
چکیده
Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and illustrate the main characteristics of access control solutions.
منابع مشابه
Access Control Policies and Languages in Open Environments
One of the most challenging problems in managing large, distributed, and heterogeneous networked systems is specifying and enforcing access control security policies regulating interactions between parties and access to services and resources. Recent proposals for specifying and exchanging access control policies adopt different types of access control languages. In this chapter, we review thre...
متن کاملThe Clarity of Languages for Access-Control Policies
Languages for the specification of access-control policies should support language features that allow for policies to be written in a clear manner. This work presents a set of language features found in current access-control languages and formalizes a set of intuitive properties the author believes to be relevant to policy clarity. The author analyzes access-control languages with respect to ...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کامل