The Unified Policy Framework (UPF)

@Article{ brucker.ea:upf:2014,
  author    = {Achim D. Brucker and Lukas Br{\"u}gger and Burkhart Wolff},
  title     = {The Unified Policy Framework ({UPF})},
  journal   = {Archive of Formal Proofs},
  month     = {sep},
  year      = {2014},
  date      = {2014-11-28},
  note      = {\url{https://www.isa-afp.org/entries/UPF.shtml}, Formal proof
               development. 
               Author copy: \url{https://logicalhacking.com/publications/brucker.ea-upf-2014/}},
  issn      = {2150-914x},
  abstract  = {We present the Unified Policy Framework (UPF), a generic
               framework for modelling security (access control) policies.
               UPF emphasizes the view that a policy is a policy decision
               function that grants or denies access to resources,
               permissions, etc. In other words, instead of modelling the
               relations of permitted or prohibited requests directly, we
               model the concrete function that implements the policy
               decision point in a system. In more detail, UPF is based on
               the following four principles: 1) Functional representation of
               policies, 2) No conflicts are possible, 3) Three-valued
               decision type (allow, deny, undefined), 4) Output type not
               containing the decision only.},
  filelabel = {Outline},
  file      = {download/2014/brucker.ea-upf-outline-2014.pdf},
  areas     = {formal methods, security},
  pdf       = {https://logicalhacking.com/publications/brucker.ea-upf-2014/brucker.ea-upf-2014.pdf},
}