Policy administration in tag-based authorization

Sandro Etalle, Timothy L. Hinrichs, Adam J. Lee, Daniel Trivellato, Nicola Zannone

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    Abstract

    Tag-Based Authorization (TBA) is a hybrid access control model that combines the ease of use of extensional access control models with the expressivity of logic-based formalisms. The main limitation of TBA is that it lacks support for policy administration. More precisely, it does not allow policy-writers to specify administrative policies that constrain the tags that users can assign, and to verify the compliance of assigned tags with these policies. In this paper we introduce TBA2 (Tag-Based Authorization & Administration), an extension of TBA that enables policy administration in distributed systems. We show that TBA2 is more expressive than TBA and than two reference administrative models proposed in the literature, namely HRU and ARBAC97.
    Original language: Undefined
    Title of host publication: 5th International Symposium on Foundations and Practice of Security, FPS 2012
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 162-179
    Number of pages: 18
    ISBN (Print): 978-3-642-37119-6
    DOIs: https://doi.org/10.1007/978-3-642-37119-6_11
    Publication status: Published - 2013
    Event: 5th International Symposium on Foundations and Practice of Security 2012 - Montreal, Canada
    Duration: 25 Oct 2012 to 26 Oct 2012
    Conference number: 5
    http://conferences.telecom-bretagne.eu/fps2012/

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer Verlag
    Volume: 7743
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: 5th International Symposium on Foundations and Practice of Security 2012
    Abbreviated title: FPS 2012
    Country: Canada
    City: Montreal
    Period: 25/10/12 to 26/10/12
    Internet address: http://conferences.telecom-bretagne.eu/fps2012/

    Keywords

    • EWI-23344
    • SCS-Cybersecurity
    • policy administration
    • IR-86128
    • Access Control
    • METIS-297634
    • auditing

    Cite this

    Etalle, S., Hinrichs, T. L., Lee, A. J., Trivellato, D., & Zannone, N. (2013). Policy administration in tag-based authorization. In 5th International Symposium on Foundations and Practice of Security, FPS 2012 (pp. 162-179). (Lecture Notes in Computer Science; Vol. 7743). Berlin: Springer. https://doi.org/10.1007/978-3-642-37119-6_11