One of the key requirements of an Adaptive Security Infrastructure (ASI) is the ability of formally reasoning about the specified security policies. In this paper, we contribute to this issue by focusing on one of the most relevant kind of security policies, i.e., access control policies. Several access control frameworks have been proposed so far in the literature, based on different formalisms. However, what has not yet so far extensively explored is the comparison of the expressive power of such frameworks. We believe that this is a key issue since such analysis can be the basis for choosing the framework that better fits the security needs of a given domain. This analysis is particular relevant for complex and distributed environments, like the ones in which the ASI paradigm may be usefully applied. The aim of this paper is thus to make a step in this direction by comparing the expressive power of three well known frameworks with respect to the set of access control models they are able to express.
On comparing the expressing power of access control model frameworks / E. Bertino, B. Catania, E. Ferrari, P. Perlasca - In: Foundations of Computer Security : Turku, Finland, July 12–13, 2004 : proceedings / [a cura di] A. Sabelfeld. - Turcu : Turcu Center for Computer Science, 2004. - ISBN 9521213728. - pp. 283-299 (( convegno Workshop on Foundations of Computer Security tenutosi a Turku, Finland nel 2004.
On comparing the expressing power of access control model frameworks
P. PerlascaUltimo
2004
Abstract
One of the key requirements of an Adaptive Security Infrastructure (ASI) is the ability of formally reasoning about the specified security policies. In this paper, we contribute to this issue by focusing on one of the most relevant kind of security policies, i.e., access control policies. Several access control frameworks have been proposed so far in the literature, based on different formalisms. However, what has not yet so far extensively explored is the comparison of the expressive power of such frameworks. We believe that this is a key issue since such analysis can be the basis for choosing the framework that better fits the security needs of a given domain. This analysis is particular relevant for complex and distributed environments, like the ones in which the ASI paradigm may be usefully applied. The aim of this paper is thus to make a step in this direction by comparing the expressive power of three well known frameworks with respect to the set of access control models they are able to express.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
