On the sequence of authorization policy transformations

  • Regular contribution
  • International Journal of Information Security

Abstract

In [2, 3], we proposed a model-based approach to specifying the transformation of authorizations, based on the principle of minimal change [10], and its application in database systems. This approach had some limitations, however. Firstly, we could not represent a sequence of transformations. Secondly, default authorizations could not be expressed. In this paper, we propose two high-level formal languages, ℒs and ℒsd, to specify a sequence of authorization transformations and default authorizations. Our work starts with ℒs, a simple but expressive language for specifying certain sequences of authorization transformations. ℒsd is more expressive than ℒs in the sense that constraints, causal and inherited authorizations, and general default authorizations can be specified.

References

  1. Atluri V, Gal A (2002) An authorization model for temporal and derived data: securing information portals. ACM Trans Inf Syst Secur 5(1):62–94

  2. Bai Y, Varadharajan V (2002) Object oriented database with authorization policies. J Fundament Inf 53(3–4):229–250

  3. Bai Y, Varadharajan V (2003) On transformation of authorization policies. Data Knowl Eng 45(3):333–357

  4. Bertino E, Buccafurri F, Ferrari E, Rullo P (2000) A logic-based approach for enforcing access control. Comput Secur 8(2–2):109–140

  5. Bertino E, Catania B, Ferrari E, Perlasca P (2003) A logical framework for reasoning about access control models. ACM Trans Inf Syst Secur 6(1):71–127

  6. Bertino E, Jajodia S, Samarati P (1996) Supporting multiple access control policies in database systems. In: Proceedings of the IEEE symposium on research in security and privacy, pp 94–107

  7. Bertino E, Mileo A, Provetti A (2003) Policy monitoring with user-preferences in PDL. In: Proceedings of the IJCAI-03 workshop for nonmonotonic reasoning, action and change, pp 37–44

  8. Brewer DFC, Nash MJ (1989) The Chinese wall security policy. In: Proceedings of the IEEE symposium on research in security and privacy, pp 215–228

  9. Chomicki J, Lobo J, Naqvi S (2000) A logical programming approach to conflict resolution in policy management. In: Proceedings of the international conference on principles of knowledge representation and reasoning, pp 121–132

  10. Chou TSC, Winslett M (1991) Immortal: a model-based belief revision system. In: Proceedings of the international conference on principles of knowledge representation and reasoning, pp 99–110

  11. Crescini V, Zhang Y (2004) Web server authorization with policy updater: a logical based access control system. In: Proceedings of the IADIS international conference on WWW/Internet (in press)

  12. Crescini V, Zhang Y (2004) A logical based approach for dynamic access control. In: Proceedings of the 17th Australian joint conference on artificial intelligence, pp 623–635

  13. Dacier M, Deswarte Y (1994) Privilege graph: an extension to the typed access matrix model. In: Proceedings of the European symposium on research in computer security, pp 319–334

  14. Denning DE (1976) A lattice model of secure information flow. Commun ACM 19:236–243

  15. Fernandez EB, Gudes E, Song H (1989) A security model for object-oriented databases. In: Proceedings of the IEEE symposium on research in security and privacy, pp 110–115

  16. Fernandez EB, France RB, Wei D (1995) A formal specification of an authorization model for object-oriented databases. In: Database Security, IX: Status and Prospects, pp 95–109

  17. Gelfond M, Lifschitz V (1991) Classical negation in logic programs and disjunctive databases. New Generat Comput 9:365–385

  18. Gong L (1989) A secure identity based capability system. In: Proceedings of the IEEE symposium on research in security and privacy, pp 56–63

  19. Jajodia S, Samarati P, Sapino ML, Subrahmanian VS (2001) Flexible support for multiple access control policies. ACM Trans Database Syst 29(2):214–260

  20. Jajodia S, Samarati P, Subrahmanian VS (1997) A logical language for expressing authorizations. In: Proceedings of the IEEE symposium on research in security and privacy, pp 31–42

  21. Li N, Grosof B, Feigenbaum J (2003) Delegation logic: a logic-based approach to distributed authorization. ACM Trans Inf Syst Secur 6(1):128–171

  22. Meadows C (1991) Policies for dynamic upgrading. In: Database Security, IV: Status and Prospects, pp 241–250

  23. Reiter R (1980) A logic for default reasoning. Artif Intell 13:81–132

  24. Sandhu RS, Ganta S (1994) On the minimality of testing for rights in transformation models. In: Proceedings of the IEEE symposium on research in security and privacy, pp 230–241

  25. Woo TYC, Lam SS (1992) Authorization in distributed systems: a formal approach. In: Proceedings of the IEEE symposium on research in security and privacy, pp 33–50

  26. Zhang Y, Wu CM, Bai Y (2001) Implementing prioritized logic programming. AI Commun 14(4):183–196

Author information

Corresponding author

Correspondence to Yun Bai.

About this article

Cite this article

Bai, Y., Zhang, Y. & Varadharajan, V. On the sequence of authorization policy transformations. IJIS 4, 120–131 (2005). https://doi.org/10.1007/s10207-004-0069-1
