Citations: Spl: An access control language for security policies with complex constraints

17 citations found. Retrieving documents...

C. Ribeiro and P. Guedes. Spl: An access control language for security policies with complex constraints, 1999.

Home/Search Document Details and Download Summary Related Articles Check

This paper is cited in the following contexts:

A Framework for Modeling Privacy Requirements in Role Engineering - He, Anton (Correct)

....PII (Personally Identifiable Information) without consent, obtaining consent is a condition that must be satisfied if an organization wants to disclose PII. Conditions are not solely for privacy protection. In security enforcement, conditions are usually modeled as authorization consmints [RZF01 ]. 3.3. Obligations Obligations are actions that must be carded out if a request to access data is granted. For example, in goal, G49: REQUIRE affiliates to destroy customer data after service are completed, destroy customer data is an obligation for affiliates. In current website privacy ....

....from 23 websites privacy policies during the goal mining exercises [AE03] The above example is the only one we identified that involves obligations out of 171 privacy goals. Obligation based security policies can be enforced if they can be completely resolved within an atomic execution [RZF01]. However, with respect to the obligations in privacy policies, they are usually not an immediate action as the previous sample policy has shown. In most cases, it is a task or an action that should be executed in the future. Therefore, monitoring and auditing the execution of privacy obligations ....

C. N. Ribeiro, A. Zuquete, P. Ferreira, and P. Guedes. SPL: An Access Control Language for Security Policies with Complex Constraints, Proc. of Network and Distributed System Security Symposium (NDSS'01), pp. 89-107, 2001.

A Privacy Policy Model for Enterprises - Karjoth, Schunter (2002) (1 citation) (Correct)

....such as [2, 8] for example, are very expressive and flexible to use, they do not support all required elements of a privacy policy. Therefore we implemented our privacy language within the Flexible Authorization Framework (FAF) 8] enriched with the notions of grantors [2, 15] and obligations [7, 11]. Conditions impose restrictions on the use of the collected data, such as modeling guardian consent and options, or narrowing the set of accessing principals. Access decisions are extended with obligations, which list a set of activities that must be executed together with the access request. ....

....the customer must still be notified of this information sharing. Such notifications may be delayed, as in the case of law enforcement access, but not omitted [1] Obligation based security policies can be enforced by reference monitors if they can be completely resolved inside an atomic execution [11]. Thus, their (future) execution relies on the application that provides a transactional environment. But privacy obligations may be independent from the application logic, and thus might require their own transactional environment. However, if there are compensatory actions [3] for obligations, ....

C. N. Ribeiro, A. Z uquete, P. Ferreira, and P. Guedes. SPL: An access control language for security policies with complex constraints. In Network and Distributed System Security Symposium (NDSS'01), pages 89--107, 2001.

OBIWAN: Design and Implementation of a - Middleware Platform Paulo (2003) Self-citation (Ribeiro Ferreira) (Correct)

No context found.

C. Ribeiro, A. Zu quete, P. Ferreira, and P. Guedes, "SPL: An Access Control Language for Security Policies with Complex Constraints," Proc. Network and Distributed System Security Symp., Feb. 2001.

Unknown - Self-citation (Ribeiro) (Correct)

No context found.

C. RIBEIRO, A. Z UQUETE, P. FERREIRA, AND P. GUEDES, Spl: An access control language for security policies with complex constraints, in Network and Distributed System Security Symposium (NDSS'01), San Diego, California, Feb. 2001.

Verifying Workflow Processes against Organization Security.. - Ribeiro, Guedes (1999) Self-citation (Ribeiro Guedes) (Correct)

....deal with several policies. Although several security policies have been proposed in the literature, none satisfies simultaneously all the security needs of all domains in most organizations. These organizations are the ideal environment for multi policy platforms like the one we have proposed in [1]. This multi policy platform is based on a security policy language (SPL) which is flexible enough to express several complex policies simultaneously and is simple enough to be implemented by an event monitor. In order to solve conflicts between policies, the platform disposes policies over a ....

....Some of the entities manipulated by SPL are policy Private( user set OrganizationUsers ) object set InternalDocs: Policy data Private: Rule name. event.action = SendEmail Applicability event.target IN InternalDocs expression. Separation marker. event.parameter[1] IN OrganizationUsers Aceptability expression. Figure 2: Simple policy defining that objects belonging to InternalDocs can only be sent to users belonging to OrganizationUsers. internal to SPL, like rules and policies, but most are external, like users, files actions, objects and ....

[Article contains additional citation context not shown here]

Carlos Ribeiro and Paulo Guedes, "Spl: An access control language for security policies with complex constraints, " Tech. Rep. RT/0001/99, INESC, Jan. 1999.

Verifying Workflow Processes against Organization Security.. - Ribeiro, Guedes (1999) Self-citation (Ribeiro Guedes) (Correct)

.... specification written in a generic and flexible security language (SPL) can be checked for inconsistencies with a workflow specification written in an off the shelf workflow process definition language, namely WPDL (Workflow Process Definition language) 8] 2 Security language (SPL) SPL [6] is a security language designed to express policies that aim to decide about the acceptability of events. The acceptability of each event depends on the properties of the event (e.g. author, target and action) on the context at that time and on the properties of past and future events. SPL ....

C. Ribeiro and P. Guedes. Spl: An access control language for security policies with complex constraints. Technical Report RT/0001/99, INESC, Jan. 1999.

Security Policy Consistency - Ribeiro, Zuquete, Ferreira, Guedes (2000) Self-citation (Ribeiro Guedes) (Correct)

....di#erent access control policies. Moreover, policies are often scattered over di#erent environments, making understanding and managing of global policies much more di#cult. Recently there has been a considerable interest in environments that support multiple and complex access control policies, [5, 11, 16, 13]. The goal of these environments is to provide support for the definition of all the policies that makes up the global security policy of an organization into one single platform, thus simplifying management and consistency maintenance. Some of these environments provide mechanisms to solve ....

.... to decide upon the acceptability of an action whenever a conflict arises [11] others use properties such as authorship , specificity and recency of security policies to decide on their priority [5, 12] or combine policies through special operators which decide on the policies applicability [13]. These mechanisms are used to solve conflicts resulting from the existence of implicit rules in common language. For instance, a user specifies that all his files should not be read by any one else, and simultaneously, he specifies that the files with information about a particular project ....

[Article contains additional citation context not shown here]

C. Ribeiro and P. Guedes. Spl: An access control language for security policies with complex constraints. Technical Report RT/0001/99, INESC, Jan. 1999.

How to Exploit Ontologies in Trust Negotiation - Travis Leithead Wolfgang (Correct)