Title :
Authorization in distributed systems: a formal approach
Author :
Woo, Thomas Y C ; Lam, Simon S.
Author_Institution :
Dept. of Comput. Sci., Texas Univ., Austin, TX, USA
Abstract :
It is argued that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. A logical approach to representing and evaluating authorization is proposed. Specifically, a language for specifying policy bases is introduced. A policy base encodes a set of authorization requirements and is given a precise semantics based on a formal notion of authorization policy. The semantics is computable, thus providing a basis for authorization evaluation. Two composition operators for policy bases which are appropriate for modeling distributed systems with multiple administrative domains are introduced
Keywords :
authorisation; distributed processing; message authentication; specification languages; authentication; authorization; distributed systems; policy base; specification language; Access control; Authorization; Control systems; Distributed computing; File systems; Large-scale systems; Permission; Production facilities; Protection; Security;
Conference_Titel :
Research in Security and Privacy, 1992. Proceedings., 1992 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2825-1
DOI :
10.1109/RISP.1992.213272
