Title: Authoring access control policies with controlled natural language
Author: Shi, Leilei
Awarding Body: University of Kent
Current Institution: University of Kent
Date of Award: 2011
This thesis is based on the research carried out under the EPSRC-funded EEAP project and the EC-funded TAS3 project. The research aimed to develop a technique enabling users to write access control policies in natural language. One of the main intentions of the research was to help non-technical users overcome the difficulty of understanding security policy authoring in computer languages. Policies are relatively easy for humans to specify in natural language, but are much more difficult for them to specify in computer-based languages, e.g. XML. Consequently, humans usually need some sort of Human Computer Interface (HCI) in order to ease the task of policy specification. The usual solution to this problem is to devise a Graphical User Interface (GUI) that is relatively easy for humans to use, and that is capable of converting the chosen icons, menu items and entered text strings into the computer-based policy language. However, users still have to learn how to use the GUI, and this can be difficult for them, especially for novice users. This thesis describes the research that was performed in order to allow human users to specify access control policies using a subset of English called Controlled Natural Language (CNL). The CNL was designed for the task of authoring access control policies based on the Role Based Access Control (RBAC) model, with enhancements for a distributed environment. An ontology was made as a common representation of policies from different languages. As the result of the research, the author has designed and implemented an interface enabling users to author access control policies in the CNL. The policy in CNL can be converted to a policy in one of several machine language formats, so that it can be automatically enforced by a Policy Enforcement Point (PEP) and Policy Decision Point (PDP).
The design is modular and a set of APIs have been specified, so that new modules can be added or existing modules can be extended in functionality or replaced.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:
DOI: Not available