Glenn Bruns, Daniel S. Dantas, Michael Huth
In defining large, complex access control policies, one would like to compose sub-policies, perhaps authored by different organizations, into a single global policy. Existing policy composition approaches tend to be ad-hoc, and do not explain whether too many or too few policy combinators have been defined. We define an access control policy as a *four-valued* predicate that maps accesses to either *grant*, *deny*, *conflict*, or *unspecified*. These correspond to the four elements of the Belnap bilattice. Functions on this bilattice are then extended to policies to serve as policy combinators. We argue that this approach provides a simple and natural semantic framework for policy composition, with a minimal but functionally complete set of policy combinators. We define derived, higher-level operators that are convenient for the specification of access control policies, and enable the decoupling of conflict resolution from policy composition. Finally, we propose a basic query language and show that it can reduce important analyses (e.g. conflict analysis) to checks of policy refinement.
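The following Python sketch is an added illustration, not code from the paper: it models a policy as a four-valued predicate over the Belnap bilattice, lifts bilattice operators pointwise to policy combinators, and expresses conflict analysis as a refinement check. The `override` combinator, the reading of refinement as pointwise knowledge order, and the tiny access universe are assumptions made for illustration.

```python
from enum import Enum
# Constructed example, not the paper's code: Belnap's four values with the
# access-control reading given in the abstract, encoded as (grant?, deny?).
class V(Enum):
    UNSPECIFIED = (False, False)  # bottom of the knowledge order: no evidence
    GRANT = (True, False)
    DENY = (False, True)
    CONFLICT = (True, True)       # top of the knowledge order: evidence for both

def k_join(a, b):
    """Knowledge join: pool the evidence of both values (grant + deny = conflict)."""
    return V((a.value[0] or b.value[0], a.value[1] or b.value[1]))

def k_meet(a, b):
    """Knowledge meet: keep only evidence both values agree on."""
    return V((a.value[0] and b.value[0], a.value[1] and b.value[1]))

def neg(a):
    """Negation: swap grant and deny; conflict and unspecified are fixed points."""
    return V((a.value[1], a.value[0]))

def k_leq(a, b):
    """Knowledge order: b carries at least the evidence of a."""
    return (not a.value[0] or b.value[0]) and (not a.value[1] or b.value[1])

# A policy is a function from accesses to V; a bilattice operator becomes a
# policy combinator by pointwise lifting. UNSPECIFIED is the identity of k_join.
def lift(op):
    return lambda p, q: (lambda acc: op(p(acc), q(acc)))

def override(p, q):
    """Derived combinator (illustrative, assumed): p's decision where p speaks, else q's."""
    return lambda acc: q(acc) if p(acc) is V.UNSPECIFIED else p(acc)

def refines(p, q, accesses):
    """Refinement, read here as pointwise knowledge order over a finite access set."""
    return all(k_leq(p(a), q(a)) for a in accesses)

def conflicts(p, accesses):
    """Conflict analysis as a refinement check: the point policy saying CONFLICT
    only at `at` is refined by p exactly when p conflicts at `at`."""
    point = lambda at: (lambda acc: V.CONFLICT if acc == at else V.UNSPECIFIED)
    return [a for a in accesses if refines(point(a), p, accesses)]

# Constructed sub-policies over a tiny (subject, action) access universe.
ACCESSES = [("alice", "read"), ("alice", "write"), ("bob", "read"), ("bob", "write")]
hr_policy = lambda acc: V.GRANT if acc[1] == "read" else V.DENY                    # HR: read only
security_policy = lambda acc: V.DENY if acc == ("bob", "read") else V.UNSPECIFIED  # bob: no read
merged = lift(k_join)(hr_policy, security_policy)   # pools evidence: conflict at bob/read
resolved = override(security_policy, hr_policy)     # security wins where it speaks
```

Pooling the two sub-policies with the knowledge join surfaces the disagreement on `("bob", "read")` as an explicit CONFLICT value, while the derived `override` combinator resolves it separately from the composition itself.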
The PDF is a preliminary version of the paper.