POLICY
2004
Springer

Cassandra: Distributed Access Control Policies with Tunable Expressiveness

We study the specification of access control policy in large-scale distributed systems. Our work on real-world policies has shown that standard policy idioms such as role hierarchy or role delegation occur in practice in many subtle variants. A policy specification language should therefore be able to express this variety of features smoothly, rather than add them as specific features in an ad hoc way, as is the case in many existing languages. We present Cassandra, a role-based trust management system with an elegant and readable policy specification language based on Datalog with constraints. The expressiveness (and computational complexity) of the language can be adjusted by choosing an appropriate constraint domain. With just five special predicates, we can easily express a wide range of policies including role hierarchy, role delegation, separation of duties, cascading revocation, automatic credential discovery and trust negotiation. Cassandra has a formal semantics for quer...
Moritz Y. Becker, Peter Sewell
Added: 02 Jul 2010
Updated: 02 Jul 2010
Type: Conference
Year: 2004
Where: POLICY
Authors: Moritz Y. Becker, Peter Sewell