
PolicyUpdater: a system for dynamic access control

  • Regular Contribution
International Journal of Information Security

Abstract

PolicyUpdater is a fully-implemented authorisation system that provides policy evaluations as well as dynamic policy updates. These functions are achieved by the use of a logic-based language, \({\cal L}\), to represent the underlying access control policies, constraints and update propositions. The system performs access control query evaluations and conditional policy updates by translating the language \({\cal L}\) policies to a normal logic program in a form suitable for evaluation using the Stable Model semantics. In this paper, we show the underlying mechanisms that make up the PolicyUpdater system, including the theoretical foundation of its formal language, system structure, implementation issues and performance analysis.



Correspondence to Vino Fernando Crescini.

Cite this article

Crescini, V.F., Zhang, Y. PolicyUpdater: a system for dynamic access control. Int. J. Inf. Secur. 5, 145–165 (2006). https://doi.org/10.1007/s10207-005-0078-8

  • DOI: https://doi.org/10.1007/s10207-005-0078-8
