Please use this identifier to cite or link to this item:
Title: Relationship-Based Access Control Policies and Their Policy Languages
Authors: Fong, Philip
Siahaan, Ida
Keywords: Security, Language, Theory
Issue Date: 24-Jan-2011
Abstract: The Relationship-Based Access Control (ReBAC) model was recently proposed as a general-purpose access control model. It supports the natural expression of parameterized roles, the composition of policies, and the delegation of trust. Fong proposed a policy language that is based on Modal Logic for expressing and composing ReBAC policies. A natural question is whether such a language is representationally complete, that is, whether the language is capable of expressing all ReBAC policies that one is interested in expressing. In this work, we argue that the extensive use of what we call Relational Policies is what distinguishes ReBAC from traditional access control models. We show that Fong’s policy language is representationally incomplete in that certain previously studied Relational Policies are not expressible in the language. We introduce two extensions to the policy language of Fong, and prove that the extended policy language is representationally complete with respect to a well-defined subclass of Relational Policies.
Appears in Collections:Fong, Philip

Files in This Item:
File Description SizeFormat 
2011-990-02.pdf255.14 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.