DocumentCode
3382863
Title
Access control by Boolean expression evaluation
Author
Miller, Donald V. ; Baldwin, R.W.
Author_Institution
Tandem Comput. Inc., Cupertino, CA, USA
fYear
1989
fDate
4-8 Dec 1989
Firstpage
131
Lastpage
139
Abstract
An access control mechanism based on Boolean expression evaluation is presented. This mechanism allows the implementation of customer-specified, rather than vendor-specified, security policies. The mechanism makes it possible to easily implement such conventional mechanisms as access control lists, named access control lists, user groups, user attributes, user capability lists, and user roles. Additional access restrictions based on time, day, date, location, load average, or any customer-supplied function can be incorporated into access decisions. This mechanism can directly express Clark-Wilson triples, and it can easily implement policies that are difficult or impossible to implement using the Bell-LaPadula model
Keywords
Boolean functions; computer architecture; security of data; Boolean expression evaluation; Clark-Wilson triples; access control mechanism; customer-specified; security policies; user attributes; user capability lists; user groups; user roles; Access control; Data security; Dictionaries; Information security; Lab-on-a-chip; Monitoring;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 1989., Fifth Annual
Conference_Location
Tucson, AZ
Print_ISBN
0-8186-2006-4
Type
conf
DOI
10.1109/CSAC.1989.81042
Filename
81042
Link To Document