%0 Conference Proceedings
%T Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems
%+ School of Computer Science [Birmingham]
%A Qunoo, Hasan
%A Ryan, Mark
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC)
%C Rome, Italy
%Y Sara Foresti; Sushil Jajodia
%I Springer
%3 Data and Applications Security and Privacy XXIV
%V LNCS-6166
%P 295-302
%8 2010-06-21
%D 2010
%R 10.1007/978-3-642-13739-6_20
%Z Computer Science [cs]/Digital Libraries [cs.DL]Conference papers
%X We present a modelling language, called X-Policy, for web-based collaborative systems with dynamic access control policies. The access to resources in these systems depends on the state of the system and its configuration. The X-Policy language models systems as a set of actions. These actions can model system operations which are executed by users. The X-Policy language allows us to specify execution permissions on each action using complex access conditions which can depend on data values, other permissions, and agent roles. We demonstrate that X-Policy is expressive enough to model collaborative conference management systems. We model the EasyChair conference management system and we reason about three security attacks on EasyChair.
%G English
%2 https://inria.hal.science/hal-01056680/document
%2 https://inria.hal.science/hal-01056680/file/_49.pdf
%L hal-01056680
%U https://inria.hal.science/hal-01056680
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-LNCS-6166
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-2010