DocumentCode :
2415893
Title :
A policy validation framework for enterprise authorization specification
Author :
Chandramouli, Ramaswamy
Author_Institution :
Nat. Inst. of Stand. & Technol., Gaithersburg, MD, USA
fYear :
2003
fDate :
8-12 Dec. 2003
Firstpage :
319
Lastpage :
328
Abstract :
The validation of enterprise authorization specification for conformance to enterprise security policies requires an out-of-band framework in many situations since the enforcing access control mechanism does not provide this feature. We describe one such framework. The framework uses XML to encode the enterprise authorization specification, XML schema to specify the underlying access control model (which in our case is the role-based access control model (RBAC)) and Schematron language to encode the policy constraints. The conformance of the XML-encoded enterprise authorization specification to the structure of the RBAC model (specified through XML schema) as well as the policy constraints (specified through Schematron) are verified through a Schematron validator tool.
Keywords :
XML; authorisation; formal specification; specification languages; RBAC model; Schematron language; XML schema; enterprise authorization specification; enterprise security policies; policy validation tool; role-based access control; Access control; Authorization; Control systems; NIST; National security; Operating systems; Permission; Safety; Software systems; XML;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN :
0-7695-2041-3
Type :
conf
DOI :
10.1109/CSAC.2003.1254336
Filename :
1254336
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2415893
بازگشت