Refinement for Administrative Policies

M.A.C. Dekker, S. Etalle

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    2 Downloads (Pure)

    Abstract

    Flexibility of management is an important requisite for access control systems as it allows users to adapt the access control system in accordance with practical requirements. This paper builds on earlier work where we defined administrative policies for a general class of RBAC models. We present a formal definition of administrative refinement and we show that there is an ordering for administrative privileges which yields administrative refinements of policies. We argue (by giving an example) that this privilege ordering can be very useful in practice, and we prove that the privilege ordering is tractable.
    Original languageEnglish
    Title of host publicationSecure Data Management
    Subtitle of host publication4th VLDB Workshop, SDM 2007, Vienna, Austria, September 23-24, 2007. Proceedings
    EditorsWillem Jonker, Milan Petković
    Place of PublicationBerlin
    PublisherSpringer
    Pages33-46
    Number of pages15
    ISBN (Electronic)978-3-540-75248-6
    ISBN (Print)978-3-540-75247-9
    DOIs
    Publication statusPublished - Sept 2007
    Event4th VLDB Workshop on Secure Data Management, SDM 2007 - Vienna, Austria
    Duration: 23 Sept 200724 Sept 2007
    Conference number: 4

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer
    Volume4721
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Workshop

    Workshop4th VLDB Workshop on Secure Data Management, SDM 2007
    Abbreviated titleSDM
    Country/TerritoryAustria
    CityVienna
    Period23/09/0724/09/07

    Keywords

    • SCS-Cybersecurity
    • Access control
    • Access control policy
    • Access control model
    • Access control system
    • Administrative policy

    Fingerprint

    Dive into the research topics of 'Refinement for Administrative Policies'. Together they form a unique fingerprint.

    Cite this