Negotiation of Prohibition: An Approach Based on Policy Rewriting

Abstract. In recent security architectures, it is possible that the security policy is not evaluated in a centralized way but requires negotiation between the subject who is requesting the access and the access controller. This negotiation is generally based on exchanging credentials between the parties so that the access controller can decide to accept or deny the requested access. Previous proposals in this field generally assume, implicitly or explicitly, that the access control policy only contains permissions. In this paper, we present a new approach to negotiation when the security policy contains both permissions and prohibitions. In this case, we claim that it would not be fair to ask for credentials to directly activate prohibitions. Thus, our approach consists in rewriting the policy into an equivalent one that only contains permissions. Since the rewritten policy specifies negative conditions, we then show how to define strategies to negotiate these negative conditions.
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2008
Where SEC
Authors Nora Cuppens-Boulahia, Frédéric Cuppens, Diala Abi Haidar, Hervé Debar