Abstract
In [2, 3], we proposed a model-based approach to specify the transformation of authorizations based on the principle of minimal change [10] and its application in database systems. Nevertheless, there were some limitations in this approach. Firstly, we could not represent a sequence of transformations. Secondly, default authorizations could not be expressed. In this paper, we propose two high-level formal languages, ℒs and ℒsd, to specify a sequence of authorization transformations and default authorizations. Our work starts with ℒs, a simple, but expressive, language to specify certain sequence of authorization transformations. Furthermore, ℒsd has more powerful expressiveness than ℒs in the sense that constraints, causal and inherited authorizations, and general default authorizations can be specified.
Similar content being viewed by others
References
Atluri V, Gal A (2002) An authorization model for temporal and derived data: securing information portals. ACM Trans Inf Syst Secur 5(1):62–94
Bai Y, Varadharajan V (2002) Object oriented database with authorization policies. J Fundament Inf 53(3–4):229–250
Bai Y, Varadharajan V (2003) On transformation of authorization policies. Data Knowl Eng 45(3):333–357
Bertino E, Buccafurri F, Ferrari E, Rullo P (2000) A logic-based approach for enforcing access control. Comput Secur 8(2–2):109–140
Bertino E, Catania B, Ferrari E, Perlasca P (2003) A logical framework for reasoning about access control models. ACM Trans Inf Syst Secur 6(1):71–127
Bertino E, Jajodia S, Samarati P (1996) Supporting multiple access control policies in database systems. In: Proceedings of the IEEE symposium on research in security and privacy, pp 94–107
Bertino E, Mileo A, Provetti A (2003) Policy monitoring with user-preferences in PDL. In: Proceedings of the IJCAI-03 workshop for nonmonotonic reasoning, action and change, pp 37–44
Brewer DFC, Nash MJ (1989) The Chinese wall security policy. In: Proceedings of the IEEE symposium on research in security and privacy, pp 215–228
Chomicki J, Lobo J, Naqvi S (2000) A logical programming approach to conflict resolution in policy management. In: Proceedings of the international conference on principles of knowledge representation and reasoning, pp 121–132
Chou TSC, Winslett M (1991) Immortal: a model-based belief revision system. In: Proceedings of the international conference on principles of knowledge representation and reasoning, pp 99–110
Crescini V, Zhang Y (2004) Web server authorization with policy updater: a logical based access control system. In: Proceedings of the IADIS international conference on WWW/Internet (in press)
Crescini V, Zhang Y (2004) A logical based approach for dynamic access control. In: Proceedings of the 17th Australian joint conference on artificial intelligence, pp 623–635
Dacier M, Deswarte Y (1994) Privilege graph: an extension to the typed access matrix model. In: Proceedings of the European symposium on research in computer security, pp 319–334
Denning DE (1976) A lattice model of secure information flow. Commun ACM 19:236–243
Fernandez EB, Gudes E, Song H (1989) A security model for object-oriented databases. In: Proceedings of the IEEE symposium on research in security and privacy, pp 110–115
Fernandez EB, France RB, Wei D (1995) A formal specification of an authorization model for object-oriented databases. In: Database Security, IX: Status and Prospects, pp 95–109
Gelfond M, Lifschitz V (1991) Classical negation in logic programs and disjunctive databases. New Generat Comput 9:365–385
Gong L (1989) A secure identity based capability system. In: Proceedings of the IEEE symposium on research in security and privacy, pp 56–63
Jajodia S, Samarati P, Sapino ML, Subrahmanian VS (2001) Flexible support for multiple access control policies. ACM Trans Database Syst 29(2):214–260
Jajodia S, Samarati P, Subrahmanian VS (1997) A logical language for expressing authorizations. In: Proceedings of the IEEE symposium on research in security and privacy, pp 31–42
Li N, Grosof B, Feigenbaum J (2003) Delegation logic: a logic-based approach to distributed authorization. ACM Trans Inf Syst Secur 6(1):128–171
Meadows C (1991) Policies for dynamic upgrading. In: Database Security, IV: Status and Prospects, pp 241–250
Reiter R (1980) A logic for default reasoning. Artif Intell 13:81–132
Sandhu RS, Ganta S (1994) On the minimality of testing for rights in transformation models. In: Proceedings of the IEEE symposium on research in security and privacy, pp 230–241
Woo TYC, Lam SS (1992) Authorization in distributed systems: a formal approach. In: Proceedings of the IEEE symposium on research in security and privacy, pp 33–50
Zhang Y, Wu CM, Bai Y (2001) Implementing prioritized logic programming. AI Commun 14(4):183–196
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bai, Y., Zhang, Y. & Varadharajan, V. On the sequence of authorization policy transformations. IJIS 4, 120–131 (2005). https://doi.org/10.1007/s10207-004-0069-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-004-0069-1