A language for specifying sequences of authorization transformations and its applications

  • Session 1: Theoretical Foundations of Security
  • Conference paper
Information and Communications Security (ICICS 1997)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1334))

Abstract

A formal language to specify authorization policies and their transformations has been proposed in [1]. The authorization policy was specified using a policy base which consisted of a finite set of facts and a finite set of access constraints. In this paper, we modify the language to consider a sequence of authorization policy transformations. The syntax and semantics of the modified authorization policy language are presented. The central issue addressed in this paper is as follows: given a policy base and a sequence of transformations, what is the resulting policy base after performing the sequence of transformations? The language is able to represent incomplete information and allows denials to be expressed explicitly. We also use the proposed language to specify a variety of well-known access control policies such as static separation of duty, dynamic separation of duty and the Chinese wall security policy.

References

  1. Y. Bai and V. Varadharajan, A logic for state transformations in authorization policies. In Proceedings of the 10th IEEE Computer Security Foundations Workshop, pp 173–182, Massachusetts, June 1997.

  2. Y. Bai and V. Varadharajan, An Authorization Policy Language: Syntax and Semantics, Department of Computing, University of Western Sydney, Nepean, May 1997.

  3. D.F.C. Brewer and M.J. Nash, The Chinese wall security policy. In Proceedings of IEEE Symposium on Security and Privacy, pp 215–228, Oakland, May 1989.

  4. T.S-C. Chou and M. Winslett, Immortal: a Model-based Belief Revision System. In The 2nd International Conference on Principles of Knowledge Representation and Reasoning, Morgan Kaufmann Publishers Inc., pp 99–110, 1991.

  5. R.S. Sandhu and S. Ganta, On the Minimality of Testing for Rights in Transformation Models. In Proceedings of IEEE Symposium on Research in Security and Privacy, pp 230–241, 1994.

Editor information

Yongfei Han Tatsuaki Okamoto Sihan Qing

Copyright information

© 1997 Springer-Verlag

About this paper

Cite this paper

Bai, Y., Varadharajan, V. (1997). A language for specifying sequences of authorization transformations and its applications. In: Han, Y., Okamoto, T., Qing, S. (eds) Information and Communications Security. ICICS 1997. Lecture Notes in Computer Science, vol 1334. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028460

  • DOI: https://doi.org/10.1007/BFb0028460

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-63696-0

  • Online ISBN: 978-3-540-69628-5

  • eBook Packages: Springer Book Archive
