• Sandro Etalle
  • Timothy L. Hinrichs
  • Adam J. Lee
  • Daniel Trivellato
  • Nicola Zannone

Tag-Based Authorization (TBA) is a hybrid access control model that combines the ease of use of extensional access control models with the expressivity of logic-based formalisms. The main limitation of TBA is that it lacks support for policy administration. More precisely, it does not allow policy-writers to specify administrative policies that constrain the tags that users can assign, and to verify the compliance of assigned tags with these policies. In this paper we introduce TBA2 (Tag-Based Authorization & Administration), an extension of TBA that enables policy administration in distributed systems. We show that TBA2 is more expressive than TBA and than two reference administrative models proposed in the literature, namely HRU and ARBAC97.

Original languageEnglish
Title of host publicationFoundations and Practice of Security
Subtitle of host publication5th International Symposium, FPS 2012, Revised Selected Papers
Number of pages18
ISBN (Electronic)978-3-642-37119-6
ISBN (Print)978-3-642-37118-9
Publication statusPublished - 2013
Externally publishedYes
Event5th International Symposium on Foundations and Practice of Security, FPS 2012 - Montreal, QC, Canada
Duration: 25 Oct 201226 Oct 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7743 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference5th International Symposium on Foundations and Practice of Security, FPS 2012
CityMontreal, QC

    Research areas

  • access control, auditing, policy administration

ID: 32865427