Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Specification of Attribute Relations for Access Control Policies and Constraints Using Policy Machine

Published

Author(s)

Chung Tong Hu, David F. Ferraiolo, Serban I. Gavrila

Abstract

Attribute relations in access control mechanisms or languages allow accurate and efficient specification of some popular access control models. However, most of the access control systems including today s de-facto access control protocol and specification language, XACML, does not provide sufficient syntactic and semantic support for the specification of attribute relations in their scheme. In this paper, we show the deficiencies of XACML in specifying such capabilities in the implementations of the Multilevel Security, Hierarchical Role Based policies and Separation of Duty requirements of access control systems. In comparison, we then demonstrate the attribute relation mechanism provided by a relation-based access control mechanism the Policy Machine.
Proceedings Title
N/A
Conference Dates
August 23-25, 2010
Conference Location
Atlanta, GA
Conference Title
Sixth International Conference on Information Assurance and Security (IAS 2010)

Keywords

access control, access control model, authorization, privilege management, policy, XACML

Citation

, C. , Ferraiolo, D. and Gavrila, S. (2010), Specification of Attribute Relations for Access Control Policies and Constraints Using Policy Machine, N/A, Atlanta, GA, [online], https://doi.org/10.1109/ISIAS.2010.5604043 (Accessed December 5, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 23, 2010, Updated November 10, 2018