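% SACMAT 2007 paper introducing PolicyMorph, a constraint system for interactive
% development and maintenance of attribute-based access control policies.
% Review notes:
%   - The citation key is the exporter's opaque identifier; it is kept unchanged
%     so existing \cite commands still resolve.
%   - PolicyMorph, ACM and SACMAT are brace-protected so sentence-casing styles
%     do not lowercase them.
%   - Authors use the unambiguous "Last, First" form.
%   - "address" holds a country as exported, not the publisher's city, and
%     "booktitle" holds only the short venue tag -- confirm both against the
%     proceedings front matter before relying on the rendered reference.
@inproceedings{72ae8f54981f48b09e03802f4ec1a547,
  author    = {Lemay, Michael and Fatemieh, Omid and Gunter, Carl},
  title     = {{PolicyMorph}: Interactive policy transformations for a logical attribute-based access control framework},
  booktitle = {{SACMAT}'07},
  series    = {Proceedings of {ACM} Symposium on Access Control Models and Technologies, {SACMAT}},
  publisher = {Association for Computing Machinery},
  address   = {United States},
  pages     = {205--214},
  year      = {2007},
  doi       = {10.1145/1266840.1266874},
  isbn      = {1595937455},
  language  = {English (US)},
  keywords  = {Attribute based access control, Constraints, Policy administration, Separation of duty},
  abstract  = {Constraint systems provide techniques for automatically analyzing the conformance of low-level access control policies to high-level business rules formalized as logical constraints. However, there are likely to be priorities for solutions that are not easy to encode formally, so administrator input is often important. This paper introduces PolicyMorph, a constraint system that supports interactive development and maintenance of access control policies that respect both formalized and un-formalized business rules and priorities. We provide a mathematical description of the system and an architecture for implementing it. We constructed a prototype that is validated using a case study in which constraints are imposed on a building automation system that controls door locks. PolicyMorph advances the state-of-the-art in constraint systems by suggesting predictable policy model modifications that will resolve specific constraint violations and then allowing policy administrators to select the appropriate modifications using knowledge that is not formally encoded in the constraint system.},
  note      = {{SACMAT}'07: 12th {ACM} Symposium on Access Control Models and Technologies; conference date: 20-06-2007 through 22-06-2007},
}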