Title: Access control policies and languages

Authors: Sabrina De Capitani Di Vimercati, Sara Foresti, Pierangela Samarati, Sushil Jajodia

Addresses: DTI, Universita degli Studi di Milano, 26013 Crema, Italy. ' DTI, Universita degli Studi di Milano, 26013 Crema, Italy. ' DTI, Universita degli Studi di Milano, 26013 Crema, Italy. ' George Mason University, Fairfax, VA 22030-4444, USA

Abstract: Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and illustrate the main characteristics of access control solutions.

Keywords: authorisation hierarchies; positive authorisation; negative authorisation; attribute-based access control.

DOI: 10.1504/IJCSE.2007.015739

International Journal of Computational Science and Engineering, 2007 Vol.3 No.2, pp.94 - 102

Published online: 11 Nov 2007 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article