Paulo Ferreira - Academia.edu (original) (raw)

Uploads

Papers by Paulo Ferreira

Research paper thumbnail of A Policy-Oriented Language for Expressing Security Specifications

Int. J. Netw. Secur., 2007

Organizations' authorization policies are usually described by access control rules enforced ... more Organizations' authorization policies are usually described by access control rules enforced on each protected object scattered all over the organization. Having a single global security policy specification would promote both security clarity and coherency [4, 9, 18, 31, 37]. Having a single security model for the whole organization, a single point of management and enforcement with a innumerous set of unknown users, does not scale well. However, both the policy enforcement and the mapping of unknown users to known entities [28] can be decoupled from the specification; thus, having a single global security policy decoupled from the enforcement and from the mapping of unknown users promotes clarity and coherency without compromising scalability. This work presents a security policy language which is able to express simultaneously many different types of models, which is essential to handle all the policies used on a complex organization. The proposed language can express the con...

Research paper thumbnail of A Policy-Oriented Language for Expressing Security Specifications

Int. J. Netw. Secur., 2007

Organizations' authorization policies are usually described by access control rules enforced ... more Organizations' authorization policies are usually described by access control rules enforced on each protected object scattered all over the organization. Having a single global security policy specification would promote both security clarity and coherency [4, 9, 18, 31, 37]. Having a single security model for the whole organization, a single point of management and enforcement with a innumerous set of unknown users, does not scale well. However, both the policy enforcement and the mapping of unknown users to known entities [28] can be decoupled from the specification; thus, having a single global security policy decoupled from the enforcement and from the mapping of unknown users promotes clarity and coherency without compromising scalability. This work presents a security policy language which is able to express simultaneously many different types of models, which is essential to handle all the policies used on a complex organization. The proposed language can express the con...

Log In