Policy administration in tag-based authorization

Sandro Etalle, Timothy L. Hinrichs, Adam J. Lee, Daniel Trivellato, Nicola Zannone

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    2 Citations (Scopus)
    83 Downloads (Pure)


    Tag-Based Authorization (TBA) is a hybrid access control model that combines the ease of use of extensional access control models with the expressivity of logic-based formalisms. The main limitation of TBA is that it lacks support for policy administration. More precisely, it does not allow policy-writers to specify administrative policies that constrain the tags that users can assign, and to verify the compliance of assigned tags with these policies. In this paper we introduce TBA2 (Tag-Based Authorization & Administration), an extension of TBA that enables policy administration in distributed systems. We show that TBA2 is more expressive than TBA and than two reference administrative models proposed in the literature, namely HRU and ARBAC97.
    Original languageUndefined
    Title of host publication5th International Symposium on Foundations and Practice of Security, FPS 2012
    Place of PublicationBerlin
    Number of pages18
    ISBN (Print)978-3-642-37119-6
    Publication statusPublished - 2013
    Event5th International Symposium on Foundations and Practice of Security 2012 - Montreal, Canada
    Duration: 25 Oct 201226 Oct 2012
    Conference number: 5

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Conference5th International Symposium on Foundations and Practice of Security 2012
    Abbreviated titleFPS 2012
    Internet address


    • EWI-23344
    • SCS-Cybersecurity
    • policy administration
    • IR-86128
    • Access Control
    • METIS-297634
    • auditing

    Cite this