Vinícius Julião Ramos, Alexander Holmquist, Fernando Magno Quintão Pereira
{"title":"Hapi: A domain-specific language for the declaration of access policies","authors":"Vinícius Julião Ramos, Alexander Holmquist, Fernando Magno Quintão Pereira","doi":"10.1016/j.cola.2022.101153","DOIUrl":null,"url":null,"abstract":"<div><p><span>Access policies specify what are the actions that different actors can perform on available resources. Access policies are a core notion in multiuser environments<span>, such as operating systems and distributed databases. Currently, most of these systems use general data specification languages, such as JSON, XML and YAML to describe access policies. Yet, domain-specific languages are also available for this task. One of such languages is </span></span><span>Legalease</span>, from Microsoft. This paper presents a new version of <span>Legalease</span>, called <span>Hapi</span>. <span>Hapi</span> replaces <span>Legalease</span>’s notion of a lattice with a partially ordered set (poset). Posets improve the expressivity of <span>Legalease</span>, at the expenses of a more expensive verification algorithm. This poset-based representation generalizes the notion of actors, actions and resources to user-defined entities. <span>Hapi</span> is publicly available. Its distribution includes a policy visualizer and a code-compression tool to efficiently store specifications.</p></div>","PeriodicalId":48552,"journal":{"name":"Journal of Computer Languages","volume":"72 ","pages":"Article 101153"},"PeriodicalIF":1.7000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Languages","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2590118422000508","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 1
Abstract
Access policies specify what are the actions that different actors can perform on available resources. Access policies are a core notion in multiuser environments, such as operating systems and distributed databases. Currently, most of these systems use general data specification languages, such as JSON, XML and YAML to describe access policies. Yet, domain-specific languages are also available for this task. One of such languages is Legalease, from Microsoft. This paper presents a new version of Legalease, called Hapi. Hapi replaces Legalease’s notion of a lattice with a partially ordered set (poset). Posets improve the expressivity of Legalease, at the expenses of a more expensive verification algorithm. This poset-based representation generalizes the notion of actors, actions and resources to user-defined entities. Hapi is publicly available. Its distribution includes a policy visualizer and a code-compression tool to efficiently store specifications.