
By Achim D. Brucker, Lukas Brügger, and Burkhart Wolff.
We present the Unified Policy Framework (UPF), a generic framework for modelling security (access control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.
Please cite this work as follows: A. D. Brucker, L. Brügger, and B. Wolff, “The unified policy framework (UPF),” Archive of Formal Proofs, Nov. 2014. https://www.isa-afp.org/entries/UPF.shtml, Formal proof development. Author copy: https://logicalhacking.com/publications/brucker.ea-upf-2014/
@Article{ brucker.ea:upf:2014,
author = {Achim D. Brucker and Lukas Br{\"u}gger and Burkhart Wolff},
title = {The Unified Policy Framework ({UPF})},
journal = {Archive of Formal Proofs},
month = {sep},
year = {2014},
date = {2014-11-28},
note = {\url{https://www.isa-afp.org/entries/UPF.shtml}, Formal proof
development. Author copy: \url{https://logicalhacking.com/publications/brucker.ea-upf-2014/}},
issn = {2150-914x},
abstract = {We present the Unified Policy Framework (UPF), a generic
framework for modelling security (access control) policies.
UPF emphasizes the view that a policy is a policy decision
function that grants or denies access to resources,
permissions, etc. In other words, instead of modelling the
relations of permitted or prohibited requests directly, we
model the concrete function that implements the policy
decision point in a system. In more detail, UPF is based on
the following four principles: 1) Functional representation of
policies, 2) No conflicts are possible, 3) Three-valued
decision type (allow, deny, undefined), 4) Output type not
containing the decision only.},
filelabel = {Outline},
file = {download/2014/brucker.ea-upf-outline-2014.pdf},
areas = {formal methods, security},
pdf = {https://logicalhacking.com/publications/brucker.ea-upf-2014/brucker.ea-upf-2014.pdf},
}