Integrated constraints and inheritance in DTAC

Jonathon E. Tidswell, Trent Ray Jaeger

Research output: Contribution to journalArticle

16 Citations (Scopus)

Abstract

Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.

Original languageEnglish (US)
Pages (from-to)93-102
Number of pages10
JournalProceedings of the ACM Workshop on Role-Based Access Control
StatePublished - 2000

Fingerprint

Access control

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Cite this

@article{d79caf7f63864ae3a1c7839b8190a0a8,
title = "Integrated constraints and inheritance in DTAC",
abstract = "Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.",
author = "Tidswell, {Jonathon E.} and Jaeger, {Trent Ray}",
year = "2000",
language = "English (US)",
pages = "93--102",
journal = "Proceedings of the ACM Workshop on Role-Based Access Control",

}

Integrated constraints and inheritance in DTAC. / Tidswell, Jonathon E.; Jaeger, Trent Ray.

In: Proceedings of the ACM Workshop on Role-Based Access Control, 2000, p. 93-102.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Integrated constraints and inheritance in DTAC

AU - Tidswell, Jonathon E.

AU - Jaeger, Trent Ray

PY - 2000

Y1 - 2000

N2 - Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.

AB - Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.

UR - http://www.scopus.com/inward/record.url?scp=0033661309&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0033661309&partnerID=8YFLogxK

M3 - Article

SP - 93

EP - 102

JO - Proceedings of the ACM Workshop on Role-Based Access Control

JF - Proceedings of the ACM Workshop on Role-Based Access Control

ER -