Abstract
In this paper, we present a logic based approach to temporal decentralized authorization administration that supports time constrained authorization delegations, both positive and negative authorizations, and implicit authorizations. A set of domain-independent rules are given to capture the features of temporal delegation correctness, temporal conflict resolution and temporal authorization propagation along the hierarchies of subjects, objects and access rights. The basic idea is to combine these general rules with a set of domain-specific rules defined by users to derive the authorizations holding at any time in the system. In addition, some important semantic properties including the unique answer set property are further investigated.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Allen, J.F.: Towards a general theory of action and time. Artificial Intelligence 23, 123–154 (1984)
Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Trans. on Programming Languages and Systems 15(4), 706–734 (1993)
Barker, S.: Data protection by logic programming. In: Palamidessi, C., Moniz Pereira, L., Lloyd, J.W., Dahl, V., Furbach, U., Kerber, M., Lau, K.-K., Sagiv, Y., Stuckey, P.J. (eds.) CL 2000. LNCS (LNAI), vol. 1861, pp. 1300–1314. Springer, Heidelberg (2000)
Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: A temporal access control mechanism for database systems. IEEE Trans. on KDE 8(1), 67–80 (1996)
Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Trans. on Information and System Security 4(3), 191–233 (2001)
Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems 23(3), 231–285 (1998)
Crampton, J., Loizou, G., O’Shea, G.: A logic of access control. The Computer Journal 44, 54–66 (2001)
Das, S.K.: Deductive databases and logic programming. Addison-Wesley Publishing Company, Reading (1992)
Gelfond, M., Lifschitz, V.: The stable model semantics for logic programming. In: Proc.5th Int. Conf. on Logic Programming, pp. 1070–1080. MIT Press, Cambridge (1988)
Gelfond, M., Lifschitz, V.: Classical negation in logic programs and disjunctive databases. New Generation Computing 9, 365–385 (1991)
Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: Proc. of the 1997 IEEE Symposium on Security and Privacy, pp. 31–42. IEEE Computer Society Press, Los Alamitos (1997)
Li, N., Feigenbaum, J., Grosof, B.N.: A Logic-Based Knowledge Representation for Authorization with Delegation. In: Proc. of the 12th IEEE Computer Security Foundations Workshop, pp. 162–174. IEEE Computer Society Press, Los Alamitos (1999)
Ruan, C., Varadharajan, V., Zhang, Y.: Logic-based reasoning on delegatable authorizations. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 185–193. Springer, Heidelberg (2002)
Woo, T., Lam, S.: Authorization in distributed systems: a formal approach. In: Proc. of IEEE on Research in Security and Privacy, pp. 33–50 (1992)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ruan, C., Varadharajan, V., Zhang, Y. (2003). A Logic Model for Temporal Authorization Delegation with Negation. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_24
Download citation
DOI: https://doi.org/10.1007/10958513_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive