Reasoning with advanced policy rules and its application
to access control |
| |
Authors: | Email author" target="_blank">Claudio?BettiniEmail author Sushil?Jajodia X Sean?Wang Duminda?Wijesekera |
| |
Affiliation: | (1) DICo, Università di Milano, via Comelico 39, 20135 Milan, Italy;(2) Center for Secure Information Systems, George Mason University, Fairfax, VA 22030, USA;(3) Department of Computer Science, University of Vermont, Burlington, VT 05405, USA |
| |
Abstract: | This paper presents a formal framework to represent and manage advanced policy rules, which incorporate the notions of provision and obligation. Provisions are those conditions that need to be satisfied or actions that must be performed by a user or an agent before a decision is rendered, while obligations are those conditions or actions that must be fulfilled by either the user or agent or by the system itself within a certain period of time after the decision. This paper proposes a specific formalism to express provisions and obligations within a policy and investigates a reasoning mechanism within this framework. A policy decision may be supported by more than one rule-based derivation, each associated with a potentially different set of provisions and obligations (called a global PO set). The reasoning mechanism can derive all the global PO sets for each specific policy decision and facilitates the selection of the best one based on numerical weights assigned to provisions and obligations as well as on semantic relationships among them. The formal results presented in the paper hold for many applications requiring the specification of policies, but this paper illustrates the use of the proposed policy framework in the security domain only. |
| |
Keywords: | Policies Access control Policy rule evaluation Provisions Obligations |
本文献已被 SpringerLink 等数据库收录! |
|