This paper describes the architecture and the core specification language of an extensible access control system, called MACS-Multipolicy Access Control System. Several access control models are supported. by the proposed system, including the mandatory model, a flexible discretionary model, and RBAC. In addition, by using the core specification language, users can define their own access control models. The language is complemented by a number of tools supporting users in the tasks of model specification and analysis, and authorization management. The proposed system is a multipolicy system in that it allows one to apply different policies to different partitions of the set of objects to be protected. Therefore, different access control policies can co-exist, thus enhancing the flexibility of the system.
A system to specify and manage multipolicy access control models / E. Bertino, B. Catania, E. Ferrari, P. Perlasca - In: Proceedings of the sixth ACM symposium on Access control models and technologies : 2001, Chantilly, Virginia, United StatesNew York : ACM, 2002. - ISBN 1581133502. - pp. 41-52 (( Intervento presentato al 6th. convegno ACM symposium on Access control models and technologies tenutosi a Chantilly, Virginia, United States nel 2001.
A system to specify and manage multipolicy access control models
P. PerlascaUltimo
2002
Abstract
This paper describes the architecture and the core specification language of an extensible access control system, called MACS-Multipolicy Access Control System. Several access control models are supported. by the proposed system, including the mandatory model, a flexible discretionary model, and RBAC. In addition, by using the core specification language, users can define their own access control models. The language is complemented by a number of tools supporting users in the tasks of model specification and analysis, and authorization management. The proposed system is a multipolicy system in that it allows one to apply different policies to different partitions of the set of objects to be protected. Therefore, different access control policies can co-exist, thus enhancing the flexibility of the system.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
