A Formal Authorization Policy Model
نویسندگان
چکیده
This paper presents a formal model that interprets authorization policy behaviors. The model establishes a connection of applying authorization policies on an administration domain with dissecting the domain into the authorized, denied, and undefined divisions. This connection enables us to analyze authorization policy development problems such as policy merge, inconsistency, ambiguity, and redundancy by examining the domain elements mapped into each of the divisions. In addition, three distinct authorization values are assigned to the divisions based on the permission of access control, and are used to calculate partition index of each rule or policy for measurement purpose. The entire measurable model provides a method to analyze and develop correct and conflict free authorization policies.
منابع مشابه
A Formal Approach to Modelling Delegation Policy Based On Subject Attributes And Role Hierarchy
There are considerable number of approaches to policy specification both for security and policy driven network management. This specification sort security policies into two basic types: authorization and obligation policies. Most of the researches in security policies specification over the years focus on authorization policy modelling. In this paper, we report our approach in developing an i...
متن کاملAn Effective Modality Conflict Model for Identifying Applicable Policies During Policy Evaluation
Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is n...
متن کاملAuthorization in distributed systems: a formal approach
In most systems, authorization is speciied using some low-level system-speciic mechanisms, e.g. protection bits, capabilities and access control lists. We argue that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. We propose a logical approach to representing and evaluating authorization. Speciically, we intro...
متن کاملLogic Based Authorization Policy Engineering
This paper presents an engineering process for authorization policy development. This process includes formal specification, verification, testing and integration. A general architecture along with supporting toolset is described. In addition, a practical solution based on logic programming is further discussed. Finally, an example demonstrating the application of the methodology is provided.
متن کاملSpecification, analysis and transformation of security policies via rewriting techniques
Formal methods for the specification and analysis of security policies have drawn many attention recently. It is now well known that security policies can be represented using rewriting systems. These systems constitute an interesting formalism to prove properties while provides an operational way to evaluate authorization requests. In this paper, we propose to split the expression of security ...
متن کامل