The Unified Policy Framework (UPF)

By Achim D. Brucker, Lukas Brügger, and Burkhart Wolff.

We present the Unified Policy Framework (UPF), a generic framework for modelling security (access control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.
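The four principles above, sketched in Python as an added illustration. This is not code from UPF itself, which is a formal proof development; the request shape, the `override` combinator and the sample policies are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple, Union

Request = Tuple[str, str, str]          # (role, action, resource): constructed shape

@dataclass(frozen=True)
class Allow:
    out: str                            # output carried alongside the decision

@dataclass(frozen=True)
class Deny:
    out: str

Decision = Union[Allow, Deny]
# A policy is a partial function: None means "undefined" for this request.
Policy = Callable[[Request], Optional[Decision]]

def override(first: Policy, second: Policy) -> Policy:
    """Use `first` where it is defined, otherwise fall through to `second`."""
    def combined(req: Request) -> Optional[Decision]:
        d = first(req)
        return d if d is not None else second(req)
    return combined

def doctors(req: Request) -> Optional[Decision]:
    role, action, resource = req
    return Allow(f"audit: {role} {action} {resource}") if role == "doctor" else None

def no_delete(req: Request) -> Optional[Decision]:
    return Deny("alert: delete attempted") if req[1] == "delete" else None

def deny_all(req: Request) -> Optional[Decision]:
    return Deny("default deny")         # total policy: never undefined

# The combined policy decision function: one function, one answer per request.
pdp = override(no_delete, override(doctors, deny_all))
no_default = override(no_delete, doctors)   # without a default, gaps stay visible

def decide(policy: Policy, req: Request) -> str:
    d = policy(req)
    if d is None:
        return "undefined"
    return ("allow" if isinstance(d, Allow) else "deny") + " / " + d.out

if __name__ == "__main__":
    for r in [("doctor", "read", "record"), ("doctor", "delete", "record"),
              ("nurse", "read", "record")]:
        print(r, "->", decide(pdp, r), "|", decide(no_default, r))
```

Because the combined policy is itself a function, overlapping rules never yield two decisions for one request; the order of composition determines which rule applies.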

Please cite this work as follows:
A. D. Brucker, L. Brügger, and B. Wolff, “The unified policy framework (UPF),” Archive of Formal Proofs, Nov. 2014. https://www.isa-afp.org/entries/UPF.shtml, Formal proof development. Author copy: https://logicalhacking.com/publications/brucker.ea-upf-2014/

BibTeX
@Article{ brucker.ea:upf:2014,
  author    = {Achim D. Brucker and Lukas Br{\"u}gger and Burkhart Wolff},
  title     = {The Unified Policy Framework ({UPF})},
  journal   = {Archive of Formal Proofs},
  month     = {sep},
  year      = {2014},
  date      = {2014-11-28},
  note      = {\url{https://www.isa-afp.org/entries/UPF.shtml}, Formal proof
               development. 
               Author copy: \url{https://logicalhacking.com/publications/brucker.ea-upf-2014/}},
  issn      = {2150-914x},
  abstract  = {We present the Unified Policy Framework (UPF), a generic
               framework for modelling security (access control) policies.
               UPF emphasizes the view that a policy is a policy decision
               function that grants or denies access to resources,
               permissions, etc. In other words, instead of modelling the
               relations of permitted or prohibited requests directly, we
               model the concrete function that implements the policy
               decision point in a system. In more detail, UPF is based on
               the following four principles: 1) Functional representation of
               policies, 2) No conflicts are possible, 3) Three-valued
               decision type (allow, deny, undefined), 4) Output type not
               containing the decision only.},
  filelabel = {Outline},
  file      = {download/2014/brucker.ea-upf-outline-2014.pdf},
  areas     = {formal methods, security},
  pdf       = {https://logicalhacking.com/publications/brucker.ea-upf-2014/brucker.ea-upf-2014.pdf},
}