D-algebra for composing access control policy decisions
Abstract
This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of policy languages decision mechanisms, and the development of tools for policy authoring and enforcement.
Keywords
access controls, decision, management, many-valued logic, mv-algebras, policy composition, security, security and protection, standardization
Date of this Version
2009
Comments
ASIACCS '09 Proceedings of the 4th International Symposium on Information, Computer, and Communications Security