Monotonicity and Completeness in Attribute-Based Access Control

  • Jason Crampton
  • Charles Morisset
Conference paper

DOI: 10.1007/978-3-319-11851-2_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)
Cite this paper as:
Crampton J., Morisset C. (2014) Monotonicity and Completeness in Attribute-Based Access Control. In: Mauw S., Jensen C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham

Abstract

There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jason Crampton (1)
  • Charles Morisset (2)
  1. Royal Holloway, University of London, UK
  2. Newcastle University, UK
