Team for Research in
Ubiquitous Secure Technology

ARSL: A Language for Authorization Rule Specification in Software Security
Weider D. Yu, Ellora Nayak

Citation
Weider D. Yu, Ellora Nayak. "ARSL: A Language for Authorization Rule Specification in Software Security". The 11th IEEE International Symposium on Computers and Communications, 54-62, June, 2006.

Abstract
Web services constitute an important part of distributed applications, providing flexibility in the development of distributed applications. One of the key challenges in Web Service security is to determine whether an authenticated user has access to only those services for which he has authorization. Since all authorization patterns for accessing resources cannot be anticipated and hence the access rules cannot be defined beforehand, implementing authorization becomes a concern. This paper describes an approach aimed at a more generalized and reusable solution which provides the flexibility to handle authorization rule updates in real time. The authorization framework is complemented by ARSL (Authorization Rule Specification Language), which is based on predicate logic.

Electronic downloads


(No downloads are available for this publication.)
Citation formats  
  • HTML
    Weider D. Yu, Ellora Nayak. <a
    href="http://www.truststc.org/pubs/194.html"
    >ARSL: A Language for Authorization Rule Specification in
    Software Security</a>, The 11th IEEE International
    Symposium on Computers and Communications, 54-62, June, 2006.
  • Plain text
    Weider D. Yu, Ellora Nayak. "ARSL: A Language for
    Authorization Rule Specification in Software Security".
    The 11th IEEE International Symposium on Computers and
    Communications, 54-62, June, 2006.
  • BibTeX
    @inproceedings{YuNayak06_ARSLLanguageForAuthorizationRuleSpecificationInSoftware,
        author = {Weider D. Yu and Ellora Nayak},
        title = {ARSL: A Language for Authorization Rule
                  Specification in Software Security},
        booktitle = {The 11th IEEE International Symposium on Computers
                  and Communications},
        pages = {54-62},
        month = {June},
        year = {2006},
        abstract = {Web services constitute an important part of
                  distributed applications, providing flexibility in
                  the development of distributed applications. One
                  of the key challenges in Web Service security is
                  to determine whether an authenticated user has
                  access to only those services for which he has
                  authorization. Since all authorization patterns
                  for accessing resources cannot be anticipated and
                  hence the access rules cannot be defined
                  beforehand, implementing authorization becomes a
                  concern. This paper describes an approach aimed at
                  a more generalized and reusable solution which
                  provides the flexibility to handle authorization
                  rule updates in real time. The authorization
                  framework is complemented by ARSL (Authorization
                  Rule Specification Language), which is based on
                  predicate logic.},
        URL = {http://www.truststc.org/pubs/194.html}
    }
    

Posted by Weider D. Yu on 10 Mar 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.