ABSTRACT
In this paper, we describe a logic-based authorization program and its implementation. Weighted Delegatable Authorization Program (WDAP) is a logic-based framework supporting weighted authorizations and weighted administrative privilege delegations in a decentralised access control system. We describe various aspects of WDAP and show how it can be used to specify complex security policies. The access control policy is also given. Smodels is a widely used system that implements the answer set semantics for extended logic programs, and we show how to use Smodels to implement WDAP.