Abstract
PolicyUpdater is a fully implemented authorisation system that provides policy evaluation as well as dynamic policy updates. These functions are achieved through a logic-based language, \({\cal L}\), which represents the underlying access control policies, constraints and update propositions. The system performs access control query evaluations and conditional policy updates by translating policies written in the language \({\cal L}\) into a normal logic program in a form suitable for evaluation under the Stable Model semantics. In this paper, we show the underlying mechanisms that make up the PolicyUpdater system, including the theoretical foundation of its formal language, system structure, implementation issues and performance analysis.
Cite this article
Crescini, V.F., Zhang, Y. PolicyUpdater: a system for dynamic access control. Int. J. Inf. Secur. 5, 145–165 (2006). https://doi.org/10.1007/s10207-005-0078-8
DOI: https://doi.org/10.1007/s10207-005-0078-8