Reasoning about Multiple Access Control Configurations

  • Dangprasert, Supakit (Department of Computer Engineering, Faculty of Engineering, King Mongkut’s University of Technology Thonburi) ;
  • Permpoontanalarp,Yongyuth (Department of Computer Engineering, Faculty of Engineering, King Mongkut’s University of Technology Thonburi)
  • Published : 2002.07.01

Abstract

At present, many applications independently provide access control for their own resources, for example Web, Databases and Operating Systems, etc. Such independent access control systems result in multiple access control configurations each of which deals with the access control in its own application context. Since those multiple configurations are operated in isolation, and maintained by possibly different administrators, they are likely to be incoherent. In this paper, we propose a logical specification to reason about multiple access control configurations. Our specification can be used to detect the incoherence in multiple configurations. Furthermore, it of offers many kinds of policies for multiple configurations that can capture several kinds of requirements for multiple access control systems.

Keywords