By Topic

A research challenge in modeling access control policies: Modeling recommendations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Anas Abou El Kalam ; Université de Toulouse - IRIT - INPT / ENSEEIHT, 2 rue Camichel, F-31071 Cedex 7, France

Security Policies should be well-defined in any serious security study and should capture all the requirements of the targeted system. However, while current and emergent applications become more and more complex, most of the existing security policies and models only consider a yes/no response to the access requests. Consequently, modeling, formalizing and implementing permissions, obligations and prohibitions do not cover the richness of all the possible scenarios. In fact, many applications have access rules with the recommendation access modality. In this paper we focus on the problem of security policies formalization. The aim is to provide a generic domain- independent approach. In order to achieve these goals, we have chosen a logic-based approach that enhances the Deontic logic (the logic of permissions, obligations and prohibitions) with the recommendation and inadvisable access modalities. We thus present a new logical framework including a Recommendation Specification Language (RSL) as well as the necessary axiomatic to derive rules and to reason (e.g., query, verify) on the security policy. Our logical framework can thus be used by security administrators to automatically derive consequences of their policies.

Published in:

2008 Second International Conference on Research Challenges in Information Science

Date of Conference:

3-6 June 2008