Skip to main content
SpringerLink
Log in
Book cover

Logic Programs, Norms and Action pp 349–373Cite as

Logical Approaches to Authorization Policies

  • Chapter

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 7360))

Abstract

We show how core concepts in access control can be represented in axiomatic terms and how multiple access control models and policies can be uniformly represented as particular logical theories in the axiom system that we introduce. Authorization policies are represented in our framework by using a form of answer set programming. We describe the motivations for our approach and we consider how properties of policies can be proven in our scheme.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Burrows, M., Lampson, B.W., Plotkin, G.D.: A calculus for access con-trol in distributed systems. ACM Trans. Program. Lang. Syst. 15(4), 706–734 (1993)

    Article  Google Scholar 

  2. ANSI. RBAC, INCITS 359-2004 (2004)

    Google Scholar 

  3. Baral, C.: Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge University Press (2003)

    Google Scholar 

  4. Barker, S.: The next 700 access control models or a unifying meta-model? In: SACMAT, pp. 187–196 (2009)

    Google Scholar 

  5. Barker, S., Genovese, V.: Secommunity: A Framework for Distributed Access Control. In: Delgrande, J.P., Faber, W. (eds.) LPNMR 2011. LNCS, vol. 6645, pp. 297–303. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  6. Barker, S., Sergot, M.J., Wijesekera, D.: Status-based access control. ACM Trans. Inf. Syst. Secur. 12(1) (2008)

    Google Scholar 

  7. Barker, S., Stuckey, P.: Flexible access control policy specification with constraint logic programming. ACM Trans. on Information and System Security 6(4), 501–546 (2003)

    Article  Google Scholar 

  8. Bauer, L., Schneider, M.A., Felten, E.W.: A general and flexible access-control system for the web. In: USENIX Security Symposium, pp. 93–108 (2002)

    Google Scholar 

  9. Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: Design and semantics of a decentralized authorization language. Journal of Computer Security 18(4), 619–665 (2010)

    Google Scholar 

  10. Bell, D.E., LaPadula, L.J.: Secure computer system: Unified exposition and multics interpretation. MITRE-2997 (1976)

    Google Scholar 

  11. Biba, K.: Integrity considerations for secure computer systems. MITRE Report MTR-3153 (1977)

    Google Scholar 

  12. Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214 (1989)

    Google Scholar 

  13. Cholak, P., Blair, H.A.: The complexity of local stratification. Fundam. Inform. 21(4), 333–344 (1994)

    MathSciNet  MATH  Google Scholar 

  14. Clark, K.: Negation as failure. In: Gallaire, H., Minker, J. (eds.) Logic and Databases, pp. 293–322. Plenum (1978)

    Google Scholar 

  15. Craven, R., Lobo, J., Ma, J., Russo, A., Lupu, E.C., Bandara, A.K.: Expressive policy analysis with enhanced system dynamicity. In: ASIACCS, pp. 239–250 (2009)

    Google Scholar 

  16. Dell’Armi, T., Faber, W., Ielpa, G., Leone, N., Pfeifer, G.: Aggregate functions in disjunctive logic programming: Semantics, complexity, and implementation in DLV. In: Proceedings of the Eighteenth International Joint Conference on Artificial Intelligence IJCAI, pp. 847–852 (2003)

    Google Scholar 

  17. DeTreville, J.: Binder, a logic-based security language. In: Proc. IEEE Symposium on Security and Privacy, pp. 105–113 (2002)

    Google Scholar 

  18. Gelfond, M., Lifschitz, V.: Classical negation in logic programs and disjunctive databases. New Generation Computing 9, 365–385 (1991)

    Article  Google Scholar 

  19. Gelfond, M., Lobo, J.: Authorization and Obligation Policies in Dynamic Systems. In: Garcia de la Banda, M., Pontelli, E. (eds.) ICLP 2008. LNCS, vol. 5366, pp. 22–36. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  20. Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur. 11(4) (2008)

    Google Scholar 

  21. Jajodia, S., Samarati, P., Sapino, M., Subrahmaninan, V.: Flexible support for mul-tiple access control policies. ACM TODS 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  22. Jim, T.: SD3: A trust management system with certified evaluation. In: IEEE Symp. Security and Privacy, pp. 106–115 (2001)

    Google Scholar 

  23. Jones, J.I., Sergot, M.J.: Formal Specification of Security Requirements Using the Theory of Normative Positions. In: Deswarte, Y., Quisquater, J.-J., Eizenberg, G. (eds.) ESORICS 1992. LNCS, vol. 648, pp. 103–121. Springer, Heidelberg (1992)

    Chapter  Google Scholar 

  24. Jones, A.J.I., Sergot, M.J.: A formal characterisation of institutionalised power. Logic Journal of the IGPL 4(3), 427–443 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  25. Kowalski, R., Sergot, M.: A logic-based calculus of events. New Generation Computing 4(1), 67–95 (1986)

    Article  Google Scholar 

  26. Kuhn, T.: The Structure of Scientific Revolutions, 3rd edn. University of Chicago Press (1996)

    Google Scholar 

  27. Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to dis- tributed authorization. ACM Trans. Inf. Syst. Secur. 6(1), 128–171 (2003)

    Article  Google Scholar 

  28. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. In: IEEE Symposium on Security and Privacy, pp. 114–130 (2002)

    Google Scholar 

  29. Lloyd, J.: Foundations of Logic Programming. Springer, Heidelberg (1987)

    Book  MATH  Google Scholar 

  30. Przymusinski, T.C.: On the declarative semantics of deductive databases and logic programs. In: Foundations of Deductive Databases and Logic Programming, pp. 193–216. Morgan Kaufmann (1988)

    Google Scholar 

  31. Russell, B.: The Principles of Mathematics. Cambridge University Press (1903)

    Google Scholar 

  32. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  33. Thomas, R.: Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: ACM Workshop on Role-Based Access Control, pp. 13–19 (1997)

    Google Scholar 

  34. Wang, S., Zhang, Y.: Handling distributed authorization with delegation through answer set programming. Int. J. Inf. Sec. 6(1), 27–46 (2007)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, King’s College London, Strand, London, WC2R 2LS, UK

    Steve Barker

Authors
  1. Steve Barker
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Software and Knowledge Engineering Laboratory, Institute of Informatics and Telecommunications, National Centre for Scientific Research ’Demokritos’, 15310, Athens, Greece

    Alexander Artikis

  2. Department of Computing, Imperial College London, 180 Queen’s Gate, SW7 2AZ, London, UK

    Robert Craven

  3. Department of Computer Engineering, Middle East Technical University, Dumlupınar Bulvarı No. 1, 06800, Çankaya, Ankara, Turkey

    Nihan Kesim Çiçekli

  4. Axiomatics AB, Box 2157, 103 14, Stockholm, Sweden

    Babak Sadighi

  5. Royal Holloway, University of London, UK

    Kostas Stathis

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Barker, S. (2012). Logical Approaches to Authorization Policies. In: Artikis, A., Craven, R., Kesim Çiçekli, N., Sadighi, B., Stathis, K. (eds) Logic Programs, Norms and Action. Lecture Notes in Computer Science(), vol 7360. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29414-3_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29414-3_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29413-6

  • Online ISBN: 978-3-642-29414-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation