Decentralized Composite Access Control

  • Petar Tsankov
  • Srdjan Marinovic
  • Mohammad Torabi Dashti
  • David Basin
Conference paper

DOI: 10.1007/978-3-642-54792-8_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8414)
Cite this paper as:
Tsankov P., Marinovic S., Dashti M.T., Basin D. (2014) Decentralized Composite Access Control. In: Abadi M., Kremer S. (eds) Principles of Security and Trust. POST 2014. Lecture Notes in Computer Science, vol 8414. Springer, Berlin, Heidelberg

Abstract

Formal foundations for access control policies with both authority delegation and policy composition operators are partial and limited. Correctness guarantees cannot therefore be formally stated and verified for decentralized composite access control systems, such as those based on XACML 3. To address this problem we develop a formal policy language BelLog that can express both delegation and composition operators. We illustrate, through examples, how BelLog can be used to specify practical policies. Moreover, we present an analysis framework for reasoning about BelLog policies and we give decidability and complexity results for policy entailment and policy containment in BelLog.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Petar Tsankov (1)
  • Srdjan Marinovic (1)
  • Mohammad Torabi Dashti (1)
  • David Basin (1)

  1. Institute of Information Security, ETH Zurich, Switzerland
