Toggle Main Menu Toggle Search

Open Access padlockePrints

Monotonicity and Completeness in Attribute-Based Access Control

Lookup NU author(s): Dr Charles Morisset


Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Publication metadata

Author(s): Crampton J, Morisset C

Editor(s): Sjouke Mauw, Christian Damsgaard Jensen

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: 10th International Workshop on Security and Trust Management (STM 2014)

Year of Conference: 2014

Pages: 33-48

Online publication date: 10/09/2014

Acceptance date: 01/01/1900

ISSN: 0302-9743

Publisher: Springer


DOI: 10.1007/978-3-319-11851-2_3

Library holdings: Search Newcastle University Library for this item

ISBN: 9783319118505