文章基本信息

标题：Access Control Policy: A Framework to Enforce Recommendations
本地全文：下载
作者：Nada Essaouini ; Anas Abou El Kalam ; Abdellah Ait Ouahman 等
期刊名称：International Journal of Computer Science and Information Technologies
电子版ISSN：0975-9646
出版年度：2011
卷号：2
期号：5
页码：2452-2463
出版社：TechScience Publications
摘要：Access control policies are generally modelled using permission, prohibition, and obligation rules. However, this does not cover all possible scenarios as several applications have recommendation rules. In this paper, we provide a formal framework to express and to enforce recommendations. More precisely, our framework allows to express recommendation rules that become requirements over time. Furthermore, we give the specification of the policy controller behavior in charge of evaluating such a policy. Basically, in our formalization, a recommendation is asso ciated with three conditions. The first one triggers the recommendation: when this condition is true, a notification is sent to the user to carry out an action satisfying the recommendation. The second condition is the recall deadline that determines when the next notification will be sent if the user has not perform the access satifying the recommendation. The third condition determines when a recommendation could become a requirement.
关键词：Information systems security; access control policy;temporary logic of actions