The Center for Education and Research in Information Assurance and Security (CERIAS)

The Policy Machine For Security Policy Management

Author

Hu, Vincent C., Frincke, Deborah A., Ferraiolo, David F.

Entry type

techreport

Abstract

Many different access control policies and models have been developed to suit a variety of goals; these include Role-Based Access Control, One-directional Information Flow, Chinese Wall, Clark-Wilson, N-person Control, and DAC, in addition to more informal ad hoc policies. While each of these policies has a particular area of strength, the notational differences between these policies are substantial. As a result, it is difficult to combine them, both in making formal statements about systems which are based on differing models and in using more than one access control policy model within a given system. Thus, there is a need for a unifying formalism which is general enough to encompass a range of these policies and models. In this paper, we propose an open security architecture called Policy Machine (PM) that would meet this need. We also provide examples showing how the PM specifies and enforces access control policies.

Key alpha

Hu

Organization

National Institute of Standards and Technology and Department of Computer Science of the University of Idaho

Publication Date

2001-01-01

Language

English

Subject

Policy Machine
