
A temporal defeasible logic for handling access control policies

Applied Intelligence

Abstract

Access control policies are specified within systems to ensure confidentiality of their information. Available knowledge about policies is usually incomplete and uncertain. An essential goal in reasoning is to reach conclusions which can be justified. However, since justification does not necessarily guarantee truth, the best we can do is to derive “plausible/tentative” conclusions from partial and conflicting information. Policies are typically expressed as rules that could be complex and include timing constraints. Complex sets of access policies can contain conflicts, e.g., one rule allows access while another rule prevents it. In this paper, we aim at providing a formalism for specifying authorization policies of a dynamic system. We present a temporal defeasible logic (TDL) which allows us to specify temporal policies and to handle conflicts. It can be shown that the proposed model is a generalization of the role-based access control model.


References

  1. Allen J (1984) Towards a general theory of action and time. Artif Intell 23(2):123–154


  2. Antoniou G, Billington D, Governatori G, Maher M (1999) On the Modeling and Analysis of Regulations. In: Proceedings of the Australian conference on information systems

  3. Antoniou G, Billington D, Maher M (1999) On the analysis of regulations using defeasible rules. In: Proceedings of the 32nd Hawaii international conference on systems Science

  4. Antoniou G, Billington D, Governatori G, Maher M (2000) A Flexible Framework for Defeasible Logics. In: Proceedings of the 17th National conference on artificial intelligence and 12th conference on innovative applications of artificial intelligence, pp 405–410. AAAI Press

  5. Antoniou G, Billington D, Governatori G, Maher M (2001) Representation Results for Defeasible Logic. ACM Trans Comput Log 2(2):255–287


  6. Antoniou G (2002) Nonmonotonic rule system on top of ontology layer. In: Proceedings of the ISWC 2002, LNCS 2432: pp 394–398

  7. Atluri V, Gal A (2002) An Authorization Model for Temporal and Derived Data: Securing Information Portals. ACM Trans Inf Syst Secur 5(1):62–94


  8. Basin D, Klaedtke F, Muller S (2010) Monitoring Security Policies with Metric First-Order Temporal Logic. In: Proceedings of the 15th ACM symposium on access control models and technologies, SACMAT ’10. ACM, USA, pp 23–34

  9. Bertino E, Bettini C, Ferrari E, Samarati P (1998) An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning. ACM Trans Database Syst 23(3):231–285


  10. Bertino E, Bonatti P, Ferrari E (2001) TRBAC: A Temporal Role-Based Access Control Model. ACM Trans Inf Syst Secur 4(3):191–233


  11. Ferraiolo D, Gilbert D, Lynch N (1993) An examination of federal and commercial access control policy needs. In: NIST-NCSC national computer security conference, pp 107–116

  12. Gavrila S, Barkley J (1998) Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In: Proceedings of the 3rd ACM workshop on Role-based access control, RBAC ’98, pp 81–90

  13. Gelfond M, Lobo J (2008) Authorization and Obligation Policies in Dynamic Systems. In: Lecture notes in computer science, vol. 5366. Springer, pp 22–36

  14. Georgiadis C, Mavridis I, Pangalos G, Thomas R (2001) Flexible Team-Based Access Control using Contexts. In: Proceedings of the 6th ACM symposium on access control models and technologies, SACMAT ’01, pp 21–27

  15. Governatori G, Dumas M, ter Hofstede A, Oaks P (2001) A formal approach to protocols and strategies for (legal) negotiation. In: Proceedings of the ICAIL’01, pp 168–177

  16. Governatori G, Maher M, Antoniou G, Billington D (2004) Argumentation semantics for defeasible logic. J Log Comput 14(5):675–702


  17. Governatori G, Rotolo A (2004) Defeasible logic: Agency, intention and obligation. In: Proceedings of the Deon 2004, LNAI 3065, pp 114–128

  18. Governatori G (2005) Representing business contracts in RuleML. International Journal of Cooperative Information Systems 14(2-3):181–216


  19. Governatori G, Rotolo A, Sartor G (2005) Temporalised normative positions in defeasible logic. In: Proceedings of the ICAIL05, pp 25–34

  20. Governatori G, Padmanabhan V, Antonino R (2006) Rule-based agents in temporalised defeasible logic. In: Proceedings of the PRICAI’06, LNAI 4099, pp 31–40

  21. Governatori G, Rotolo A, Padmanabhan V (2006) The cost of social agents. In: Proceedings of the AAMAS 2006, pp 513–520

  22. Governatori G, Hulstijn J, Riveret R, Rotolo A (2007) Characterising deadlines in temporal modal defeasible logic. In: Proceedings of the Aust. AI 2007, LNAI

  23. Grosof B, Labrou Y, Chan H (1999) A Declarative Approach to Business Rules in Contracts: Courteous Logic Programs in XML. In: Proceedings of the 1st ACM conference on electronic commerce (EC-99). ACM Press

  24. Jajodia S, Samarati P, Sapino K, Subrahmanian V (2001) Flexible Support for Multiple Access Control Policies. ACM Trans Database Syst 26(2):214–260


  25. Lamport (1994) The temporal logic of actions, ACM Transactions on Programming Languages and Systems (TOPLAS), vol 6(3), pp 872–923. ACM

  26. Lee A, Boyer J, Olson L, Gunter C (2006) Defeasible Security Policy Composition for Web Services. In: Proceedings of the 4th ACM workshop on formal methods in security, USA, pp 45–54

  27. Moubaiddin A, Obeid N (2008) Dialogue and Argumentation in Multi-agent Diagnosis. In: Nguyen NT, Katarzyniak R (eds) Proceedings of 21st International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems. New Challenges in Applied Intelligence Technologies, Studies in Computational Intelligence, vol 134, pp 13–22

  28. Moubaiddin A, Obeid N (2009) Partial Information Basis for Agent-Based Collaborative Dialogue. Appl Intell 30(2):142–167

  29. Moubaiddin A, Obeid N (2013) On Formalizing Social Commitments in Dialogue and Argumentation Models Using Temporal Defeasible Logic. Knowl Inf Syst 37(2):417–452


  30. Nute D (1994) Defeasible Logic (Chapter). In: Handbook of Logic in Artificial Intelligence and Logic Programming, vol 3. Oxford University Press, pp 353–395

  31. Obeid N (1996) Three Valued Logic and Nonmonotonic Reasoning. Comput Artif Intell 15(6):509–530


  32. Obeid N (2000) Towards a Model of Learning through Communication. Knowl Inf Syst 2(4):498–508


  33. Obeid N (2005) A Formalism for Representing and Reasoning with Temporal Information, Event and Change. Appl Intell 23(2):109–119


  34. Obeid N, Rao RBKN (2010) On Integrating Event Definition and Event Detection. Knowl Inf Syst 22(2):129–158

  35. Obeid N, Moubaiddin A (2009) On The Role Of Dialogue And Argumentation In Collaborative Problem Solving. In: Proceedings of 9th international conference on intelligent systems design and applications. IEEE, Italy, pp 1202–1208

  36. Reeves D, Grosof B, Wellman M, Chan H (1999) Towards a Declarative Language for Negotiating Executable Contracts. In: Proceedings of the AAAI-99 workshop on artificial intelligence in electronic commerce (AIEC-99). AAAI Press / MIT Press

  37. Sabri K, Khedri R, Jaskolka J (2009) Verification of Information Flow in Agent-Based Systems. In: Babin G, Kropf P, Weiss M (eds) Proceedings of the 4th MCETECH Conference on e-Technologies, Lecture Notes in Business Information Processing, vol 26, pp 252–266. Springer

  38. Samarati P, De Capitani di Vimercati S (2001) Access Control: Policies, Models, and Mechanisms, in Foundations of Security Analysis and Design. In: Focardi R, Gorrieri R (eds) LNCS 2171, pp 137–196. Springer-Verlag

  39. Sandhu R, Coyne E, Feinstein H, Youman C (1996) Role-Based Access Control Models. Computer 29(2):38–47


  40. Siewe F, Cau A, Zedan H (2003) A Compositional Framework for Access Control Policies Enforcement. In: Proceedings of ACM workshop on formal methods in security engineering, USA, pp 32–42

  41. Stoller S, Yang P, Ramakrishnan C, Gofman M (2007) Efficient Policy Analysis for Administrative Role Based Access Control. In: ACM conference on computer and communications security, pp 445–455

  42. Thomas R (1997) Team-Based Access Control (TBAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. In: Proceedings of the 2nd ACM workshop on role-based access control, USA, pp 13–19

  43. Thomas R, Sandhu R (1998) Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management. In: Proceedings of the IFIP TC11 WG11.3 11th international conference on database security XI: Status and Prospects, London, pp 166–181

  44. Wilikens M, Feriti S, Sanna A, Masera M (2002) A Context-Related Authorization and Access Control Method Based on RBAC. In: Proceedings of the 7th ACM symposium on access control models and technologies, SACMAT ’02, USA, pp 117–124

  45. Woo T, Lam S (1998) Designing a Distributed Authorization Service. In: 17th annual joint conference of the IEEE computer and communications societies, vol 2, pp 419–429

  46. Zhang X, Parisi-Presicce F, Sandhu R, Park J (2005) Formal Model and Policy Specification of Usage Control. ACM Trans Inf Syst Secur 8(4):351–387


Author information

Correspondence to Khair Eddin Sabri.

Appendix: A time theory based on points and intervals (PI)


Let \(i, j, k, r, m, n \in I\) and \(p, p_1 \in P\). Let \(\rightarrow\) be the implication of classical logic and \(A \leftrightarrow B\) iff \((A \rightarrow B) \;\&\; (B \rightarrow A)\).

A time structure is a tuple \(M_T = \langle P, I, <_P, \mathit{Meets}, \mathit{In} \rangle\) where

(1) \(P\) and \(I\) are non-empty sets of points and intervals respectively,

(2) \(<_P\) is a precedence relation on points of time. \(<_P\) has the following properties:

(P1) \((p_1 <_P p_2) \;\&\; (p_2 <_P p_3) \rightarrow p_1 <_P p_3\) (Transitivity)

(P2) \(\lnot (p_1 <_P p_1)\) (Irreflexivity)

(P3) \((p_1 <_P p_2) \lor (p_1 = p_2) \lor (p_2 <_P p_1)\) (Linearity)

(P4) \((\forall p)(\exists p_1)(p <_P p_1)\) (U-Unboundedness)

(P5) \((\forall p)(\exists p_1)(p_1 <_P p)\) (L-Unboundedness)

(P6) \((\forall p_1, p_2)(p_1 <_P p_2)(\exists p_3)(p_1 <_P p_3 \;\&\; p_3 <_P p_2)\) (Density)

(P4) (resp. (P5)) states that for any time point \(p\), there exists a point \(p_1\) that comes after it, U-Unboundedness (resp. before it, L-Unboundedness).

(3) Meets is axiomatized [1] as follows:

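(I1) \((\forall i, j)(\exists k)(\mathit{Meets}(i, k) \;\&\; \mathit{Meets}(j, k) \rightarrow (\forall r)(\mathit{Meets}(i, r) \equiv \mathit{Meets}(j, r)))\)

(I2) \((\forall i, j)(\exists k)(\mathit{Meets}(k, i) \;\&\; \mathit{Meets}(k, j) \rightarrow (\forall r)(\mathit{Meets}(r, i) \equiv \mathit{Meets}(r, j)))\)

(I3) \((\forall i, j, k, r)(\mathit{Meets}(i, j) \;\&\; \mathit{Meets}(k, r) \rightarrow \mathit{Meets}(i, r) \text{ XOR } (\exists m)(\mathit{Meets}(i, m) \;\&\; \mathit{Meets}(m, r)) \text{ XOR } (\exists n)(\mathit{Meets}(k, n) \;\&\; \mathit{Meets}(n, j)))\)

(I4) \((\forall i)((\exists j, k)(\mathit{Meets}(j, i) \;\&\; \mathit{Meets}(i, k)))\)

(I5) \((\forall i, j)(\mathit{Meets}(i, j) \rightarrow (\exists k = i + j)(\exists m, n)(\mathit{Meets}(m, i) \;\&\; \mathit{Meets}(i, j) \;\&\; \mathit{Meets}(j, n) \;\&\; \mathit{Meets}(m, k) \;\&\; \mathit{Meets}(k, n)))\)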

where XOR denotes exclusive OR. (I1) and (I2) state that every interval has a unique start point and a unique end point. (I3) defines all the possible relations between any two meeting places. (I4) states that every interval has one interval that precedes and an interval that succeeds it. \(k = i + j\) is only definable if \(\mathit{Meets}(i, j)\) holds and \(k\) contains exactly \(i\), \(j\) and their meeting point \(p\), i.e., \(k = i \cup \{p\} \cup j\). (I5) states that for any two adjacent intervals \(i\) and \(j\), there exists an interval \(k\) such that \(k = i + j\).

(4) In is a point-interval relation that is governed by the following axiom:

(PI 1) \((\forall i)(\exists p_1, p_2)(\mathit{In}(p_1, i) \;\&\; \mathit{In}(p_2, i) \;\&\; (p_1 \neq p_2) \;\&\; (p_1 <_P p_2))\)

We may add the following definition:

Definition A.1

Let \(t \in P \cup I\). \(\mathit{Duration}(t) = 0\) iff \(t \in P\) and \(\mathit{Duration}(t) > 0\) iff \(t \in I\).

Given the above set of axioms we may define other interval-interval relations. It is well known that there are 13 different binary relations between intervals on a linear order (and quite a few more on a partial ordering) as shown in Fig. 2.

Fig. 2 Binary relations between intervals

We may also define point-interval relations. Let \(p, p_1, p_2 \in P\) and \(t, t_1 \in I\). \(\mathit{Begin}(p,t)\) states that \(p\) is the lower limit (beginning) of \(t\). \(\mathit{End}(p,t)\) states that \(p\) is the upper limit (end) of \(t\). \(\mathit{Begin}(p,t)\) and \(\mathit{End}(p,t)\) can be defined as:

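(Def1) \(\mathit{Begin}(p,t) \text{ iff } (\forall p_1)[(\mathit{In}(p_1, t) \rightarrow p \leq_P p_1) \text{ and } (\forall p_2) \text{ if } (p_2 \neq p \text{ and } (\mathit{In}(p_1, t) \rightarrow p_2 <_P p_1)) \text{ then } p_2 <_P p]\).

(Def2) \(\mathit{End}(p,t) \text{ iff } (\forall p_1)[(\mathit{In}(p_1, t) \rightarrow p_1 <_P p) \text{ and } (\forall p_2) \text{ if } (p_2 \neq p \text{ and } (\mathit{In}(p_1, t) \rightarrow p_1 <_P p_2)) \text{ then } p <_P p_2]\).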

From these definitions, we may derive the following axioms:

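(PI 2) \((\forall t)(\forall p)(\forall p_1)(\mathit{Begin}(p,t) \;\&\; \mathit{End}(p_1,t) \rightarrow p <_P p_1)\)

(PI 3) \((\forall t)(\exists p)(\exists p_1)(\mathit{Begin}(p,t) \;\&\; \mathit{End}(p_1,t))\)

(PI 4) \((\forall t)(\mathit{Begin}(p,t) \;\&\; \mathit{Begin}(p_1,t)) \rightarrow p = p_1\)

(PI 5) \((\forall t)(\mathit{End}(p,t) \;\&\; \mathit{End}(p_1,t)) \rightarrow p = p_1\)

(PI 6) \((\forall t)(\forall t_1)(\mathit{Begin}(p,t) \;\&\; \mathit{End}(p_1,t) \;\&\; \mathit{Begin}(p,t_1) \;\&\; \mathit{End}(p_1,t_1)) \rightarrow t = t_1\).

(Def3) \(\mathit{Before}(p,t)\) iff \(p <_P p_1\) where \(\mathit{Begin}(p_1, t)\).

(Def4) \(\mathit{After}(p,t)\) iff \(p_2 <_P p\) where \(\mathit{End}(p_2, t)\).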
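The time theory above can be exercised directly. The following Python is an added example, not code from the paper: it assumes points are rationals (a dense, unbounded linear order, as P1 to P6 require), identifies an interval with its Begin/End pair (PI 6), and uses Allen's customary names for the 13 relations, since Fig. 2 is not reproduced on this page.

```python
from fractions import Fraction
from typing import NamedTuple

class Interval(NamedTuple):
    begin: Fraction  # the unique p with Begin(p, t)  (PI 3, PI 4)
    end: Fraction    # the unique p with End(p, t)    (PI 3, PI 5)

def interval(begin, end):
    """Build an interval; PI 2 requires Begin(p, t) & End(p1, t) -> p <P p1."""
    b, e = Fraction(begin), Fraction(end)
    if not b < e:
        raise ValueError("PI 2 violated: begin must strictly precede end")
    return Interval(b, e)

def meets(i, j):
    """Meets(i, j): i ends exactly where j begins."""
    return i.end == j.begin

def join(i, j):
    """I5: k = i + j, defined only when Meets(i, j) holds."""
    if not meets(i, j):
        raise ValueError("i + j is only defined for meeting intervals")
    return Interval(i.begin, j.end)

def before(p, t):
    """Def3: Before(p, t) iff p <P p1 where Begin(p1, t)."""
    return Fraction(p) < t.begin

def after(p, t):
    """Def4: After(p, t) iff p2 <P p where End(p2, t)."""
    return t.end < Fraction(p)

# Relations for intervals that share interior points, keyed by the signs of
# (i.begin - j.begin, i.end - j.end). Names are Allen's (assumed, see lead-in).
SHARED = {(-1, -1): "overlaps", (-1, 0): "finished-by", (-1, 1): "contains",
          (0, -1): "starts", (0, 0): "equals", (0, 1): "started-by",
          (1, -1): "during", (1, 0): "finishes", (1, 1): "overlapped-by"}

def sign(a, b):
    return (a > b) - (a < b)

def relation(i, j):
    """Return the single one of the 13 interval relations holding for (i, j)."""
    if i.end < j.begin:
        return "before"
    if meets(i, j):
        return "meets"
    if j.end < i.begin:
        return "after"
    if meets(j, i):
        return "met-by"
    return SHARED[sign(i.begin, j.begin), sign(i.end, j.end)]
```

For a temporal access rule whose validity period is an interval `t`, a request at point `p` with `before(p, t)` or `after(p, t)` true falls outside that period.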

Cite this article

Sabri, K.E., Obeid, N. A temporal defeasible logic for handling access control policies. Appl Intell 44, 30–42 (2016). https://doi.org/10.1007/s10489-015-0692-8
