Management of Exceptions on Access Control Policies

Download Now
Provided by: Universitat Kassel
Topic: Security
Format: PDF
The use of languages based on positive or negative expressiveness is very common for the deployment of security policies (i.e., deployment of permissions and prohibitions on firewalls through singlehanded positive or negative condition attributes). Although these languages may allow one to specify any policy, the single use of positive or negative statements alone leads to complex configurations when excluding some specific cases of general rules that should always apply. In this paper, the authors survey such a management and study existing solutions, such as ordering of rules and segmentation of condition attributes, in order to settle this lack of expressiveness.
Download Now

Find By Topic