- 1.MartLn Abadi and Leslie Lamp~tt. Composing Specifications. ACM Transactions on Programming Languages and Systems, 15(I):73-132, January 1993. Google ScholarDigital Library
- 2.Marshall D. Abrams, Kenneth W. Eggers, Leonard J. La Padula, and Ingrid M. Olson. A Generalized Framework for Access Control: An Informal Description. In 13th National Computer Security Conference, pages 135-- 143, Washington, D.C., October 1990.Google Scholar
- 3.W. E. Boebert and R. Y. Kain. A practical alternative to hierarchical integrity policies. In Proceedings 8th National Computer Security Conference, pages 18-27, Gaithersburg, ME), October 1985.Google Scholar
- 4.David E C. Brewer and bfiehael J. Nash. The Chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, Oakland, CA, May 1989.Google Scholar
- 5.David D. Clark and David R. Wilson. A comparison of commercial and military computer security policies. In IEEE Symposium on Security and Privacy, pages 184-194, Oakland, CA, April 1987.Google Scholar
- 6.Todd Fine. A Framework for Composition. In Proceedings of the Eleventh Annual Conference on Computer Assurance, pages 199-212, Gaithersburg, Maryland, June 1996.Google Scholar
- 7.Todd Fine and Spencer E. Minear. Assuring Distributed Trusted Math. In Proceedings IEEE Computer Society Symposium on Research in Security and Privacy, pages 206--218, Oakland, CA, May 1993. Google ScholarDigital Library
- 8.Hilary H. Hosmer. Metapolicies 11. In 15thNational Computer Security Conference, pages 369-378, Baltimore, MD, october 1992.Google Scholar
- 9.Hilary H. Hosmer. The Multipolicy Paradigm. In 15th National Computer Security Conference, pages 409--422, Baltimore, ME), October 1992.Google Scholar
- 10.Catherine Jensen McCollum, Judith R. Messing, and LouAnna Notargiacomo. Beyond the pale of MAC and DAC- defining new forms of access control. In IEEE Symposium on Security and Privacy, pages 190-200, Oakland, CA, May 1990.Google ScholarCross Ref
- 11.Spencer E. Minear. Providing Policy Control Over Object Operations in a Mach Based System. In Proceedings of the Fifih USE2VIX UNIX Security Symposium, pages 141-156, Salt Lake City, Utah, June 1995. Google ScholarDigital Library
- 12.NCSC. Trusted Computer Systems Evaluation Criteria. Standard, DOD 5200.28-STD, US National Computer Security Center, Fort George G. Meade, Ma~land 20755-6000, December 1985.Google Scholar
- 13.John Page,Jody Heanoy, Marc Adkins, and Gary Dolsen. Evaluation of Security Model Rule Bases. In 12th National Computer Security Conference, pages 98-111, Baltimore, MD, october 1989.Google Scholar
- 14.Secure Computing Corporation. DTOS Generalized Security Policy Specification. Technical report, Secure Computing Corporation, 2675 Long Lake Road, Roseville, Minnesota 55113-2536, January 1995. DTOS CDRL A019.Google Scholar
- 15.N. Shankar. A lazy approach to compositional verification. Technical Report TSL-93-08, SKI International, December 1993.Google Scholar
- 16.J.M. Spivey. The Z Notation: A Reference Manual. Prentice Hall International, 1992. Google ScholarDigital Library
- 17.Bruce J. Walker, Richard A. Kemmerer, and Gerald J. PopeL Specification and Verification of the UCLA Unix Security Kernel. Communications of the ACM, 23(2): 118-131, February 1980. Google ScholarDigital Library
Index Terms
- Developing and using a “policy neutral” access control policy
Recommendations
Access control policy combining: theory meets practice
SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologiesMany access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, and the result of the policy on a request is determined by combining the results of the sub-policies according to some policy combining algorithms (PCAs)...
Network-level access control policy analysis and transformation
Network-level access control policies are often specified by various people (network, application, and security administrators), and this may result in conflicts or suboptimal policies. We have defined a new formal model for policy representation that ...
Comments