Policy Administration in Tag-Based Authorization
نویسندگان
چکیده
Tag-Based Authorization (TBA) is a hybrid access control model that combines the ease of use of extensional access control models with the expressivity of logic-based formalisms. The main limitation of TBA is that it lacks support for policy administration. More precisely, it does not allow policy-writers to specify administrative policies that constrain the tags that users can assign, and to verify the compliance of assigned tags with these policies. In this paper we introduce TBA (Tag-Based Authorization & Administration), an extension of TBA that enables policy administration in distributed systems. We show that TBA is more expressive than TBA and than two reference administrative models proposed in the literature, namely HRU and ARBAC97.
منابع مشابه
A Formal Authorization Policy Model
This paper presents a formal model that interprets authorization policy behaviors. The model establishes a connection of applying authorization policies on an administration domain with dissecting the domain into the authorized, denied, and undefined divisions. This connection enables us to analyze authorization policy development problems such as policy merge, inconsistency, ambiguity, and red...
متن کاملImplementing Advanced RBAC Administration Functionality with USE1
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
متن کاملDecentralized Temporal Authorization Administration
Access control is a significant issue in any secure database system. In this paper, we develop a logic programming based approach for temporal decentralized authorization administration in which users can be delegated, granted or forbidden some access rights for restricted periods of time. Three major aspects are taken into consideration for the semantics of the program, the temporal authorizat...
متن کاملTBA : A Hybrid of Logic and Extensional Access Control Systems
Logical policy-based access control models are greatly expressive and thus provide the flexibility for administrators to represent a wide variety of authorization policies. Extensional access control models, on the other hand, utilize simple data structures to better enable a less trained and non-administrative workforce to participate in the day-to-day operations of the system. In this paper, ...
متن کاملThe Role of Abduction in Declarative Authorization Policies
Declarative authorization languages promise to simplify the administration of access control systems by allowing the authorization policy to be factored out of the implementation of the resource guard. However, writing a correct policy is an error-prone task by itself, and little attention has been given to tools and techniques facilitating the analysis of complex policies, especially in the co...
متن کامل