Most of today's information systems are quite complex and often involve multi-user resource-sharing. In such a system, authorization policies are needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Overall, authorization policies provide the ability to limit and control accesses to systems, applications and information. These policies need to be updated to capture the changing requirements of applications, systems and users. These updatings are implemented through the transformation of authorization policies. In this thesis, the author proposes a logic based formal approach to specifying authorization policies and to reason about the transformation and sequence of transformations of authorization policies and its application in object oriented databases. The author defines the structure of the policy transformation and employs model-based semantics to perform the transformation under the principle of minimum change. The language is modified to consider a sequence of authorization policy transformations. It handles more complex transformations and solves certain problems. The language is able to represent incomplete information, default authorizations and allows denials to be expressed explicitly. The proposed language is used to specify a variety of well known access control policies such as static separation of duty, dynamic separation of duty and Chinese wall security policy. The authorization formalization is also applied to object oriented databases. / Doctor of Philosophy (PhD)
Identifer | oai:union.ndltd.org:ADTP/235907 |
Date | January 2000 |
Creators | Bai, Yun, University of Western Sydney, Nepean, School of Computing and Information Technology |
Source Sets | Australiasian Digital Theses Program |
Language | English |
Detected Language | English |
Source | THESIS_XXX_CIT_Bai_Y.xml |
Page generated in 0.009 seconds