Subtraction ( ). It deletes from a first policy all the authorizations specified in a second policy.
$[[P_1 \;\; P_2]]_e = [[P_1]]_e \setminus [[P_2]]_e$
Intuitively, the subtraction operator is used to handle exceptions, and has the same functionality as negative authorizations in existing approaches. It does not generate conflicts since $P_1$ prevails over $P_2$ by default.
Closure ( ). It closes a policy under a set of derivation rules.
$[[P \;\; R]]_e = \mathit{closure}(R, [[P]]_e)$
The closure of policy $P$ under derivation rules $R$ produces a new policy that contains all the authorizations in $P$ and those that can be derived by evaluating $R$ on $P$, according to a given semantics. The derivation rules in $R$ can enforce, for example, an authorization propagation along a predefined subject or object hierarchy.
Scoping Restriction ( ). It restricts the applicability of a policy to a given subset of subjects, objects, and actions of the system.
$[[P \; 1 \; c]]_e = \{\, t \;\; [[P]]_e \mid t \text{ satisfies } c \,\}$
where $c$ is a condition. It is useful when administration entities need to express their policy on a confined subset of subjects and/or objects (e.g., each ward can express policies about the doctors working in the ward).
Overriding ( o ). It overrides a portion of policy $P_1$ with the specifications in policy $P_2$; the fragment that is to be substituted is specified by a third policy $P_3$.
$[[o(P_1, P_2, P_3)]]_e = [[(P_1 \;\; P_3) + (P_2 \,\&\, P_3)]]_e$
Template ( τ ). It defines a partially specified (i.e., parametric) policy that can be completed by supplying the parameters.
$[[\tau X.P]]_e(S) = [[P]]_e[S/X]$
where $S$ is the set of all policies, and $X$ is a parameter. Templates are useful for representing policies as black boxes. They are needed whenever some components are to be specified at a later stage. For instance, the components might be the result of a further policy refinement, or might be specified by a different authority.
Because the semantics of the algebra operators is formally defined, algebra expressions can be used to formally prove the security properties of the resulting (composed) policy.
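
The set semantics of the operators above can be exercised directly; the following is an added example, not code from the source text or its authors, that composes a small policy with closure, subtraction, scoping restriction, overriding and a template. It assumes that `+` and `&` in the overriding expression denote union and intersection, that the fragment $P_3$ is removed from $P_1$ by subtraction, and that closure is a least fixpoint; the function names, the `HIERARCHY` table and all sample authorizations are constructed for illustration.

```python
# Added example (not from the source text). An authorization is a
# (subject, object, action) triple; [[P]]e is modelled as a frozenset of them.

def subtraction(p1, p2):
    # [[P1]]e \ [[P2]]e: P2 lists the exceptions and P1 prevails.
    return frozenset(p1) - frozenset(p2)

def closure(rules, p):
    # Assumed semantics: least fixpoint, apply rules until nothing new appears.
    derived = set(p)
    while True:
        new = {t for rule in rules for t in rule(derived)} - derived
        if not new:
            return frozenset(derived)
        derived |= new

def scoping(p, c):
    # { t in [[P]]e | t satisfies c }
    return frozenset(t for t in p if c(t))

def overriding(p1, p2, p3):
    # Assumptions: '+' is union, '&' is intersection, and the fragment P3
    # is removed from P1 with subtraction before P2's part is added.
    return subtraction(p1, p3) | (frozenset(p2) & frozenset(p3))

def template(body):
    # tau X.P: a policy with a hole X, completed later by supplying S.
    return lambda s: frozenset(body(frozenset(s)))

# Constructed sample data: one group in a subject hierarchy.
HIERARCHY = {"ward_doctors": ["alice", "bob"]}

def to_members(policy):
    # Derivation rule: an authorization granted to a group reaches its members.
    return {(m, o, a) for (s, o, a) in policy for m in HIERARCHY.get(s, [])}

def demo():
    hospital = {("ward_doctors", "ecg", "read"), ("ward_doctors", "ecg", "write"),
                ("carol", "billing", "read")}
    closed = closure([to_members], hospital)
    effective = subtraction(closed, {("bob", "ecg", "write")})
    ward = scoping(effective, lambda t: t[0] in HIERARCHY["ward_doctors"])
    fragment = {("alice", "ecg", "read"), ("alice", "ecg", "write")}   # P3
    pending = template(lambda x: overriding(ward, x, fragment))        # tau X.
    final = pending({("alice", "ecg", "read"), ("alice", "labs", "read")})
    return closed, effective, ward, final

if __name__ == "__main__":
    for name, policy in zip(("closed", "effective", "ward", "final"), demo()):
        print(name, sorted(policy))
```

Because every operator is a set operation, properties of the composed policy (for instance, that an authorization outside the fragment $P_3$ can never be introduced by the overriding policy) can be checked as plain set assertions on the result.
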
Once the policies have been composed through the algebraic operators
described above, for their enforcement it is necessary to provide executable
specifications compatible with different evaluation strategies. To this aim,
the authors propose the following three main strategies to translate policy
expressions into logic programs.