PTaCL: A Language for Attribute-Based Access Control in Open Systems

@article{Crampton2012PTaCLAL,
  title={PTaCL: A Language for Attribute-Based Access Control in Open Systems},
  author={Jason Crampton and Charles Morisset},
  journal={ArXiv},
  year={2012},
  volume={abs/1111.5767}
}
Many languages and algebras have been proposed in recent years for the specification of authorization policies. For some proposals, such as XACML, the main motivation is to address real-world requirements, typically by providing a complex policy language with somewhat informal evaluation methods; others try to provide a greater degree of formality --- particularly with respect to policy evaluation --- but support far fewer features. In short, there are very few proposals that combine a rich set… 
View PDF on arXiv
68 Citations
Highly Influential Citations
6
Background Citations
31
Methods Citations
22
Results Citations
2

68 Citations

Citation Type

Citation Type

Obligations in PTaCL
TLDR
This paper enhances PTaCL by extending the policy syntax to include obligations and defining the obligations that should be associated with an authorization decision and shows that obligation semantics provide a principled method for determining obligations for any policy-combining algorithm and the set of possible obligations in the presence of indeterminacy, thereby providing considerable advantages over existing approaches.
Towards A Generic Formal Framework for Access Control Systems
TLDR
This paper develops a formal characterization of the features of an access control model that imposes few restrictions, and considers the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems.
A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies
TLDR
This paper introduces a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies in FACPL, a language with a compact, yet expressive, syntax for specification of real-world access control Policies and with a rigorously defined denotational semantics.
On Completeness in Languages for Attribute-Based Access Control
TLDR
This paper considers the expressive power of the rule- and policy-combining algorithms defined by the XACML standard, and proposes a new policy authorization language PTaCL which is canonically complete and is capable of expressing any arbitrary policy in a normal form.
Efficient evaluation of PBel access control policies
TLDR
This thesis presents the solution to this problem of automated generation of correct and efficient access control evaluation procedure based on Markov Decision Processes and proves formally its correctness with respect to formal semantics of the policy language PBel.
Analyzing access control policies with SMT
TLDR
The X2S framework is presented, a formal framework for the analysis of XACML policies that employs Satisfiability Modulo Theories (SMT) as the underlying reasoning mechanism, which allows more fine-grained analysis of policies and improves the performance of policy analysis significantly.
Sophisticated Access Control via SMT and Logical Frameworks
TLDR
By leveraging the programmability of the underlying logical framework, the system provides exceptionally flexible ways of resolving conflicts and composing policies, and shows that the system subsumes FIA (Fine-grained Integration Algebra), an algebra recently developed for the purpose of integrating complex policies.
POSTER: Analyzing Access Control Policies with SMT
TLDR
The X2S framework is presented, a formal framework for the analysis of XACML policies that employs Satisfiability Modulo Theories (SMT) as the underlying reasoning mechanism, which allows more fine-grained analysis of policies and improves the performance of policy analysis significantly.
Monotonicity and Completeness in Attribute-Based Access Control
TLDR
This paper develops a formal characterization of the features of an access control model that imposes few restrictions, and considers the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems.
An Expressive, Flexible and Uniform Logical Formalism for Attribute-based Access Control
TLDR
This paper recasts the high-level structure of ABAC models in a logical formalism that treats all types of actions uniformly, and provides improved flexibility in supporting a variety of different requirements depending on the domain.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 18 REFERENCES
An algebra for composing access control policies
TLDR
An algebra of security policies together with its formal semantics is proposed and how to formulate complex policies in the algebra is illustrated, which provides the basis for the implementation of the algebra.
Access control policy combining: theory meets practice
TLDR
A policy combining language PCL, which can succinctly and precisely express a variety of PCAs, which is based on automata theory and linear constraints, and is more expressive than existing approaches.
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
  • G. Bruns, M. Huth
  • Computer Science
    2008 21st IEEE Computer Security Foundations Symposium
  • 2008
TLDR
This work defines a query language in which policy analysis questions can be phrased, and establishes expressiveness results showing that all data independent policies can be expressed in the policy language.
A propositional policy algebra for access control
TLDR
An algebra for manipulating access control policies at a higher level, where the operations of the algebra are abstracted from their specification details, and it is shown how to use algebraic identities to reason about consistency, completeness, and determinacy of composed policies using similar properties of their constituents.
An Authorization Framework Resilient to Policy Evaluation Failures
TLDR
This work defines syntax and semantics for an XACML-like policy language that uses simple binary operators to combine sub-policy decisions and identifies a number of strategies for optimizing policy evaluation and policy representation.
An algebra for fine-grained integration of XACML policies
TLDR
An algebra for fine-grained integration of sophisticated policies of collaborating parties, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints.
D-algebra for composing access control policy decisions
TLDR
This paper proposes a D-algebra to compose decisions from multiple access control policies, namely the analysis of policy languages decision mechanisms, and the development of tools for policy authoring and enforcement.
A fine-grained access control system for XML documents
TLDR
This work presents an access control model to protect information distributed on the Web that, by exploiting XML's own capabilities, allows the definition and enforcement of access restrictions directly on the structure and content of the documents.
Functional Completeness and Canonical Forms in Many-Valued Logics
This paper examines the questions of functional completeness and canonical completeness in many-valued logics, offering proofs for several theorems on these topics. A skeletal description of the
Securing XML Documents with Author-X
TLDR
Author-X is a Java-based system that addresses the security issues of access control and policy design for XML document administration and allows a user to verify a document's integrity without contacting the document server.
...
1
2
...