Abstract
We show how core concepts in access control can be represented in axiomatic terms and how multiple access control models and policies can be uniformly represented as particular logical theories in the axiom system that we introduce. Authorization policies are represented in our framework by using a form of answer set programming. We describe the motivations for our approach and we consider how properties of policies can be proven in our scheme.
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Barker, S. (2012). Logical Approaches to Authorization Policies. In: Artikis, A., Craven, R., Kesim Çiçekli, N., Sadighi, B., Stathis, K. (eds) Logic Programs, Norms and Action. Lecture Notes in Computer Science, vol 7360. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29414-3_19
DOI: https://doi.org/10.1007/978-3-642-29414-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29413-6
Online ISBN: 978-3-642-29414-3
eBook Packages: Computer Science (R0)