A system to specify and manage multipolicy access control models

Author

Bertino, Elisa ; Catania, Barbara ; Ferrari, Elena ; Perlasca, Paolo

Author_Institution

Dipt. di Sci. dell´´Informazione, Milan Univ., Italy

fYear

2002

fDate

2002

Firstpage

116

Lastpage

127

Abstract

This paper describes the architecture and the core specification language of an extensible access control system, called MACS-Multipolicy Access Control System. Several access control models are supported. by the proposed system, including the mandatory model, a flexible discretionary model, and RBAC. In addition, by using the core specification language, users can define their own access control models. The language is complemented by a number of tools supporting users in the tasks of model specification and analysis, and authorization management. The proposed system is a multipolicy system in that it allows one to apply different policies to different partitions of the set of objects to be protected. Therefore, different access control policies can co-exist, thus enhancing the flexibility of the system.

Keywords

authorisation; security of data; MACS; Multipolicy Access Control System; RBAC; access control mechanism; access control models; architecture; authorization management; core specification language; extensible access control system; multipolicy system; security requirements; Access control; Authorization; History; Instruments; Object oriented modeling; Protection; Security; Specification languages;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2002. Proceedings. Third International Workshop on

Print_ISBN

0-7695-1611-4

Type

conf

DOI

10.1109/POLICY.2002.1011299

Filename

1011299