Layered graph logic as an assertion language for access control policy models
نویسندگان
چکیده
We describe a uniform logical framework, based on a bunched logic that combines classical additives and very weak multiplicatives, for reasoning compositionally about access control policy models. We show how our approach takes account of the underlying system architecture, and so provides a way to identify and reason about how vulnerabilities may arise (and be removed) as a result of the architecture of the system. We consider, using frame rules, how local properties of access control policies are maintained as the system architecture evolves.
منابع مشابه
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملHow DoesStrawson Unify Epistemology, Ontology and Logic
Strawson’s conception of analysis as a ‘connective linguistic analysis’ makes it possible for him to achieve an indefinitely large range of ideas or concepts among them are certain numbers of fundamental, general and pervasive concepts or concept-types which not only are pre-theoretical or ahistorical, but also together constitute a structural framework only within whichlogic, ontology and epis...
متن کاملModel-Driven Trust Negotiation for Web Services
The Trust-Serv trust negotiation framework supports policy lifecycle management for Web services. T rust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. 1 In this negotiation, credentials — signed assertions that describe the owner's attributes — are exchanged iteratively t...
متن کاملAccess and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
متن کاملA Policy-Based Authorization System for Web Services: Integrating X-GTRBAC and WS-Policy
Authorization and access control in Web services is complicated by the unique requirements of the dynamic Web services paradigm. Amongst them is the requirement for a context-aware access control specification and a processing model to apply fine-grained access control on various components of a Web service. In this paper, we address these two requirements and present a policy-based authorizati...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Log. Comput.
دوره 27 شماره
صفحات -
تاریخ انتشار 2017