TY - GEN
T1 - A language driven approach to multi-system access control
AU - Davy, Steven
AU - Barron, Jason
AU - Shi, Lei
AU - Butler, Bernard
AU - Jennings, Brendan
AU - Griffin, Keith
AU - Collins, Kevin
PY - 2013
Y1 - 2013
N2 - Resource access control policies for an organization are often derived from best practice standards or from high level business policies. To ensure that access control is enforced effectively, these business policies need to be translated into deployable system configurations or lower level policies for multiple diverse systems. These target policy representations require experts to coordinate and collaborate so that business policies are fully supported. It is difficult and cumbersome to effectively ensure that all access control policies are enforced with the desired effect and in a consistent way, particularly given that there may be many people editing policies and that business policies can change over time. We present a language driven approach that abstracts access control policies into a clear and structured set of rules defined using terms familiar to a non-systems expert, which may then be realized into multiple levels of abstraction. Our proof of concept system uses Language-Driven Development (LDD) techniques to transform high level business policies into device specific policies that can be enforced by multiple access control system types. Our scenario examines the application of access control to instant messaging communications and network server access, two systems with different access control configuration languages.
UR - https://www.scopus.com/pages/publications/84883480231
M3 - Conference contribution
AN - SCOPUS:84883480231
SN - 9783901882517
T3 - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
SP - 1004
EP - 1008
BT - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
T2 - 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Y2 - 27 May 2013 through 31 May 2013
ER -