• DocumentCode
    3428829
  • Title

    Automated decomposition of access control policies

  • Author

    Su, Linying ; Chadwick, David W. ; Basden, Andrew ; Cunningham, James A.

  • Author_Institution
    Comput. Lab., Kent Univ., Canterbury, UK
  • fYear
    2005
  • fDate
    6-8 June 2005
  • Firstpage
    3
  • Lastpage
    13
  • Abstract
    Modern dynamic distributed information systems need access control policies to address controlling access to multiple resources that are distributed. The resources may be considered as a single abstract hierarchical resource. An access control policy at a high level should be able to define who is allowed to use the resources. At lower levels, the policy will address controlling access to concrete resources. By modelling the resource hierarchy, it is possible that low level policies can be automatically produced from the high level policy. These low level policies can then be distributed to the concrete resources that use an existing policy based access control decision system so that the high level policy can be enforced throughout the system. In this paper a model for representing and refining high level policies is presented. Other relevant issues and examples for demonstrating the capability of the policy decomposition (refinement) process are also presented.
  • Keywords
    authorisation; distributed processing; information systems; resource allocation; access control decision system; access control policy; automated decomposition; dynamic distributed information systems; policy decomposition; resource hierarchy modelling; Access control; Authorization; Automatic control; Concrete; Control systems; Decision making; Distributed information systems; Internet; Laboratories; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Policies for Distributed Systems and Networks, 2005. Sixth IEEE International Workshop on
  • Print_ISBN
    0-7695-2265-3
  • Type

    conf

  • DOI
    10.1109/POLICY.2005.10
  • Filename
    1454298