Title :
Access control by Boolean expression evaluation
Author :
Miller, Donald V. ; Baldwin, R.W.
Author_Institution :
Tandem Comput. Inc., Cupertino, CA, USA
Abstract :
An access control mechanism based on Boolean expression evaluation is presented. This mechanism allows the implementation of customer-specified, rather than vendor-specified, security policies. The mechanism makes it possible to easily implement such conventional mechanisms as access control lists, named access control lists, user groups, user attributes, user capability lists, and user roles. Additional access restrictions based on time, day, date, location, load average, or any customer-supplied function can be incorporated into access decisions. This mechanism can directly express Clark-Wilson triples, and it can easily implement policies that are difficult or impossible to implement using the Bell-LaPadula model.
Keywords :
Boolean functions; computer architecture; security of data; Boolean expression evaluation; Clark-Wilson triples; access control mechanism; customer-specified; security policies; user attributes; user capability lists; user groups; user roles; Access control; Data security; Dictionaries; Information security; Lab-on-a-chip; Monitoring;
Conference_Title :
Computer Security Applications Conference, 1989., Fifth Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-8186-2006-4
DOI :
10.1109/CSAC.1989.81042