Towards a Mechanism for Discretionary Overriding of Access Control

  • Erik Rissanen
  • Babak Sadighi Firozabadi
  • Marek Sergot
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3957)

Abstract

Because access needs are difficult to predict in advance, and because formal policy languages have limitations, it is difficult to completely define an access control policy ahead of its actual use. We suggest the use of a policy language which allows denied access to be overridden in some cases, for increased flexibility. The overrides should be audited, and we suggest that the access control policy can be used to find the people who should perform the audit.

Keywords

Access Control; Policy Language; Security Policy; Access Control Policy; Access Control Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Erik Rissanen (1)
  • Babak Sadighi Firozabadi (1)
  • Marek Sergot (2)

  1. Swedish Institute of Computer Science, Sweden
  2. Department of Computing, Imperial College of Science, Technology and Medicine, University of London, UK