A Framework for the Modular Specification and Orchestration of Authorization Policies

  • Jason Crampton
  • Michael Huth
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7127)


Many frameworks for defining authorization policies fail to make a clear distinction between policy and state. We believe this distinction to be a fundamental requirement for the construction of scalable, distributed authorization services. In this paper, we introduce a formal framework for the definition of authorization policies, which we use to construct the policy authoring language APOL. This framework makes the required distinction between policy and state, and APOL permits the specification of complex policy orchestration patterns even in the presence of policy gaps and conflicts. A novel aspect of the language is the use of a switch operator for policy orchestration, which can encode the commonly used rule- and policy-combining algorithms of existing authorization languages. We define denotational and operational semantics for APOL and then extend our framework with statically typed methods for policy orchestration, develop tools for policy analysis, and show how that analysis can improve the precision of static typing rules.
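As an added illustration (this is not APOL or the paper's own semantics, which the abstract does not show), the following Python sketch models the ideas the abstract names: a policy is a pure function over an explicit authorization state and a request, decisions range over grant, deny, gap and conflict, and a `switch` combinator that dispatches on one policy's decision is used to write the familiar combining algorithms (deny-overrides, permit-overrides, first-applicable, default-deny closure) as orchestration patterns rather than as evaluator built-ins. The four-valued decision set, all function names and the sample roles, ownership and requests are assumptions constructed for this example.

```python
"""Toy model of policy orchestration over an explicit authorization state.

Policies are functions from (state, request) to a decision, so the same policy
text can be evaluated against different states. A switch combinator dispatches
on the decision of one policy to select the next policy to run.
(Constructed example; the decision set and names are assumptions.)
"""
from enum import Enum
from typing import Callable, Dict, Tuple


class Decision(Enum):
    GRANT = "grant"
    DENY = "deny"
    GAP = "gap"            # no policy spoke to the request
    CONFLICT = "conflict"  # policies returned both grant and deny


Request = Tuple[str, str, str]              # (subject, action, resource)
State = Dict[str, Dict[str, object]]        # e.g. role assignments, ownership
Policy = Callable[[State, Request], Decision]


def const(d: Decision) -> Policy:
    """A policy that ignores state and request and always returns d."""
    return lambda state, req: d


def role_rule(role: str, action: str, outcome: Decision) -> Policy:
    """Base policy: subjects holding `role` get `outcome` for `action`, else GAP."""
    def p(state: State, req: Request) -> Decision:
        subject, act, _ = req
        if act == action and role in state["roles"].get(subject, set()):
            return outcome
        return Decision.GAP
    return p


def owner_rule(action: str, outcome: Decision) -> Policy:
    """Base policy: the owner of a resource gets `outcome` for `action`, else GAP."""
    def p(state: State, req: Request) -> Decision:
        subject, act, resource = req
        if act == action and state["owner"].get(resource) == subject:
            return outcome
        return Decision.GAP
    return p


def join(p: Policy, q: Policy) -> Policy:
    """Run both policies: agreement wins, GAP is neutral, disagreement is CONFLICT."""
    def r(state: State, req: Request) -> Decision:
        a, b = p(state, req), q(state, req)
        if a == b or b == Decision.GAP:
            return a
        if a == Decision.GAP:
            return b
        return Decision.CONFLICT
    return r


def switch(p: Policy, cases: Dict[Decision, Policy]) -> Policy:
    """Evaluate p; if its decision has a case, hand the request to that policy,
    otherwise let p's own decision fall through."""
    def r(state: State, req: Request) -> Decision:
        d = p(state, req)
        return cases[d](state, req) if d in cases else d
    return r


# Constructed sample state and base policies.
STATE: State = {
    "roles": {"alice": {"admin"}, "bob": {"auditor"}},
    "owner": {"report.pdf": "bob"},
}
ADMINS_DELETE = role_rule("admin", "delete", Decision.GRANT)
AUDITORS_NO_DELETE = role_rule("auditor", "delete", Decision.DENY)
OWNERS_DELETE = owner_rule("delete", Decision.GRANT)
BASE = join(join(ADMINS_DELETE, AUDITORS_NO_DELETE), OWNERS_DELETE)

# Combining algorithms written as switch patterns over the base policies.
ORCHESTRATIONS: Dict[str, Policy] = {
    "raw": BASE,
    "deny_overrides": switch(BASE, {Decision.CONFLICT: const(Decision.DENY)}),
    "permit_overrides": switch(BASE, {Decision.CONFLICT: const(Decision.GRANT)}),
    "first_applicable": switch(AUDITORS_NO_DELETE, {
        Decision.GAP: switch(OWNERS_DELETE, {Decision.GAP: ADMINS_DELETE})}),
    "closed": switch(BASE, {Decision.GAP: const(Decision.DENY),
                            Decision.CONFLICT: const(Decision.DENY)}),
}


def decide(name: str, state: State, req: Request) -> str:
    """Evaluate the named orchestration against a state and return the decision label."""
    return ORCHESTRATIONS[name](state, req).value


if __name__ == "__main__":
    for req in [("alice", "delete", "report.pdf"), ("bob", "delete", "report.pdf"),
                ("carol", "read", "report.pdf")]:
        print(req, {n: decide(n, STATE, req) for n in ORCHESTRATIONS})
```

Because the policies close over nothing but their parameters, the same orchestration evaluated against a state in which alice no longer holds `admin` yields a gap for her delete request without any policy being rewritten; that is the policy/state separation the abstract argues for, and the `closed` pattern shows how a gap or conflict is resolved to a definite decision at the edge of the service.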







Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jason Crampton, Information Security Group, Royal Holloway, University of London, United Kingdom
  • Michael Huth, Department of Computing, Imperial College London, United Kingdom
