Abstract
New security and privacy enhancing technologies are demanded in the new information and communication environments where a huge number of computers interact with each other in a distributed and ad hoc manner to access various resources. In this paper, we focus on access control because this is the underlying core technology to enforce security and privacy. Access control decides permit or deny according to access control policies. Since notations of policies are specialized in each system, it is difficult to ensure consistency of policies that are stated in different notations. In this paper, we propose a readable notation for policies by adopting the concept of feature structures, which has mainly been used for parsing in natural language processing. Our proposed notation is also logically well-founded, which guarantees strict access control decisions, and expressive in that it returns not only a binary value of permit or deny but also various result values through the application of partial order relations of the security risk level. We illustrate the effectiveness of our proposed method using examples from P3P.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Capretta, V., Stepien, B., Felty, A., Matwin, S.: Formal correctness of conflict detection for firewalls. In: Proceedings of the 2007 ACM Workshop on Formal Methods in Security Engineering, FMSE 2007, pp. 22–30. ACM, New York (2007)
Cranor, L.: P3P: Making privacy policies more useful. IEEE Security & Privacy 1(6), 50–55 (2003)
Denning, D.E.: A lattice model of secure information flow. ACM Commun. 19(5), 236–243 (1976)
Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur. 11(4), 1–41 (2008)
Karjoth, G., Schunter, M., Herreweghen, E.V., Waidner, M.: Amending P3P for clearer privacy promises. In: Proceedings of the 14th International Workshop on Database and Expert Systems Applications, DEXA 2003, pp. 445–449. IEEE Computer Society, Washington, DC (2003)
Kasper, R.T., Rounds, W.C.: A logical semantics for feature structures. In: Proceedings of the 24th Annual Meeting on Association for Computational Linguistics, pp. 257–266. Association for Computational Linguistics, Morristown (1986)
May, M.J., Gunter, C.A., Lee, I., Zdancewic, S.: Strong and weak policy relations. In: Proceedings of the 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, pp. 33–36. IEEE Computer Society, Washington, DC (2009)
Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware role based access control. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, SACMAT 2007, pp. 41–50. ACM, New York (2007)
Organization for the Advancement of Structured Information Standards (OASIS): Extensible Access Control Markup Language (XACML), http://xml.coverpages.org/xacml.html
Sandhu, R.S.: Lattice-based access control models. Computer 26(11), 9–19 (1993)
Walker, D.D., Mercer, E.G., Seamons, K.E.: Or best offer: A privacy policy negotiation protocol. In: Proceedings of the 2008 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2008, pp. 173–180. IEEE Computer Society, Washington, DC (2008)
World Wide Web Consortium (W3C): P3P: The Platform for Privacy Preferences, http://www.w3.org/P3P/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fujita, K., Tsukada, Y. (2011). A Notation for Policies Using Feature Structures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2010 2010. Lecture Notes in Computer Science, vol 6514. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19348-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-19348-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19347-7
Online ISBN: 978-3-642-19348-4
eBook Packages: Computer ScienceComputer Science (R0)