Conference Paper

PolicyMorph: Interactive Policy Transformations for a Logical Attribute-Based Access Control Framework

New York, NY, USA
DOI: 10.1145/1266840.1266874 Conference: Proceedings of the 12th ACM symposium on Access control models and technologies
Source: DBLP

ABSTRACT Constraint systems provide techniques for automatically analyzing the conformance of low-level access control policies to high-level business rules formalized as logical constraints. However, there are likely to be priorities for solutions that are not easy to encode formally, so administrator input is often important. This paper introduces PolicyMorph, a constraint system that supports interactive development and maintenance of access control policies that respect both formalized and un-formalized business rules and priorities. We provide a mathematical description of the system and an architecture for implementing it. We constructed a prototype that is validated using a case study in which constraints are imposed on a building automation system that controls door locks. PolicyMorph advances the state-of-the-art in constraint systems by suggesting predictable policy model modifications that will resolve specific constraint violations and then allowing policy administrators to select the appropriate mo

  • Source
  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper considers the privacy issues in attribute-based access control systems, and presents a privacy-preserving access control protocol named as symmetrically oblivious envelope protocol. Its important property is symmetric privacy, i.e., the resource owner can't learn attribute values of the resource requester, and the resource requester can't learn access control policies established by resource owner. The proposed protocol can support access control policies constructed by various comparison predicates such as =, >, ges,
    2009 IEEE International Conference on e-Business Engineering, ICEBE 2009, Macau, China, 21-23 October 2009; 01/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-conflicting)differences between outcomes, similar to weak bisimulation. We illustrate the relations using examples from P3P.
    Policies for Distributed Systems and Networks, IEEE International Workshop on. 01/2009;


1 Download
Available from