A high level language for conventional access control models

  • Yun Bai
  • Vijay Varadharajan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1438)


A formal language to specify general access control policies and their sequences of transformations has been proposed in [1]. The access control policy was specified by a domain description which consisted of a finite set of initial policy propositions, policy transformation propositions and default propositions. Usually, access control models are falls into two conventional categories: discretionary access control(DAC) and mandatory access control(MAC). Traditional DAC models basically enumerate all the subjects and objects in a system and regulate the access to the object based on the identity of the subject. It can be best represented by the HRU's access control matrix [4]. While on the other hand, MAC models are lattice based models, in the sense that each subject and object is associated with a sensitivity level which forms a lattice

Key words

Authorization Policies Formal Language Access Control Model Policy Transformations 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Y. Bai and V. Varadharajan, A Language for Specifying Sequences of Authorization Transformations and Its Applications. Proceedings of the International Conference on Information and Communication Security, vol 1334, pp39–49, November 1997.MATHGoogle Scholar
  2. 2.
    E. Bertino, Sushil Jajodia and P. Samarati, A Non-timestamped Authorization Model for Data Management Systems. Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp169–178, 1996.Google Scholar
  3. 3.
    D.E.Denning, A Lattice Model of Secure Information Flow. Communications of the ACM, Vol. 19, No. 5, pp236–243, 1976.MATHMathSciNetCrossRefGoogle Scholar
  4. 4.
    M.R.Harrison, W.L.Ruzzo and J.D.Ullman, Protection in Operating Systems. Communications of the ACM, Vol. 19, No. 8, pp461–671, 1976.MATHMathSciNetCrossRefGoogle Scholar
  5. 5.
    S.Jajodia, P.Samarati, and V.S.Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of IEEE Symposium on Security and Privacy, 1997.Google Scholar
  6. 6.
    M.J.Nash and K.R.Poland, Some Conundrums Concerning Separation of Duty. Proceedings of IEEE Symposium on Security and Privacy, pp201–207, 1990.Google Scholar
  7. 7.
    R. Reiter, A logic for default reasoning, Artificial Intelligence, 13(1–2): 81–132, 1980.MATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    R.S. Sandhu and S. Ganta, On the Expressive Power of the Unary Transformation Model, Third European Symposium on Research in Computer Security, pp 301–318, 1994.Google Scholar
  9. 9.
    T.Y.C. Woo and S.S. Lam, Authorization in distributed systems: A formal approach, Proceedings of IEEE Symposium on Research in Security and Privacy, pp 33–50, 1992.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Yun Bai
    • 1
  • Vijay Varadharajan
    • 1
  1. 1.School of Computing and Information TechnologgUniversity of Western SydneyAustralia

Personalised recommendations