Logo image
Back
A policy language for abstraction and automation in application-oriented access controls: The Functionality-based application confinement policy language
Conference paper   Open access

A policy language for abstraction and automation in application-oriented access controls: The Functionality-based application confinement policy language

Z.C. Schreuders, C. Payne and T.J. McGill
Information and Communications Security, pp.113-116
IEEE
IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2011) (Pisa, Italy, 06/06/2011–08/06/2011)
2011
DOI: https://doi.org/10.1007/978-3-540-88625-9_14
pdf
Policy_Language.pdfDownloadView
Author’s Version Open Access
url
Link to Published Version *Subscription may be requiredView
url
Conference WebsiteView

Abstract

This paper presents a new policy language, known as functionality-based application confinement policy language (FBAC-PL). FBAC-PL takes a unique approach to expressing application-oriented access control policies. Policies for restricting applications are defined in terms of the features applications provide, by means of parameterised and hierarchical policy abstractions known as functionalities. Policies also include metadata for management and the automation of policy specification. The result is a novel scheme for application confinement policy that reuses, encapsulates and abstracts policy details, and facilitates a priori policy specification: that is, without having to rely solely on learning modes for creating policies to restrict applications. This paper presents the policy language, and illustrates its use with examples. A Linux-based implementation, which uses FBAC-PL, has demonstrated that this approach can overcome policy complexity and usability issues of previous schemes.

Details

Metrics

266 File views/ downloads
47 Record Views
Logo image