A logic-based approach for enforcing access control[1]A preliminary version of this paper appears in the Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS’98), Louvain-La-Neuve, Belgium, September 1998 under the title “An Authorization Model and its Formal Semantics”.

Authors:
Elisa Bertino;Francesco Buccafurri;Elena Ferrari;Pasquale Rullo
Affiliations:
Dipartimento di Scienze dell’Informazione, Università degli Studi di Milano, Via Comelico 39/41, 20135 Milano, Italy E-mail: {bertino,ferrarie}@dsi.unimi.it;Dipartimento DIMET, Università di Reggio Calabria, Feo di Vito, 89100 Reggio Calabria, Italy E-mail: bucca@ns.ing.unirc.it;(Correspd.) Dipo. di Scienze dell’Informazione, Università degli Studi di Milano, Via Comelico 39/41, 20135 Milano, Italy E-mail: {bertino,ferrarie}@dsi.unimi.it;Dipartimento di Matematica, Università della Calabria, Arcavacata di Rende, 87030 Rende, Italy E-mail: rullo@si.deis.unical.it
Venue:
Journal of Computer Security
Year:
2000

Citing 0
Cited 11

A logical framework for reasoning about access control models

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A logical framework for reasoning about access control models

ACM Transactions on Information and System Security (TISSEC)
A Content-Based Authorization Model for Digital Libraries

IEEE Transactions on Knowledge and Data Engineering
Access Control for XML Document

IEA/AIE '08 Proceedings of the 21st international conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems: New Frontiers in Applied Artificial Intelligence
A logic program solution for conflict authorizations

ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
A sound and complete model-generation procedure for consistent and confidentiality-preserving databases

Theoretical Computer Science
History-dependent inference control of queries by dynamic policy adaption

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
A logic based approach for dynamic access control

AI'04 Proceedings of the 17th Australian joint conference on Advances in Artificial Intelligence
A new approach for conflict resolution of authorization

KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
A modal logic for information system security

AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Dynamic policy adaptation for inference control of queries to a propositional information system

Journal of Computer Security - DBSec 2011

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes an advanced authorization mechanism basedon a logic formalism. The model supports both positive and negativeauthorizations. It also supports derivation rules by which anauthorization can be granted on the basis of the presence orabsence of other authorizations. Subjects, objects andauthorization types are organized into hierarchies, supporting amore adequate representation of their semantics. From theauthorizations explicitly specified, additional authorizations areautomatically derived by the system, based on those hierarchies.The combination of all the above features results in a powerful yetflexible access control mechanism.The logic formalism on which the system relies is an extensionof Ordered Logic with ordered domains. This is an elegant yetpowerful formalism whereby the basic concepts of the authorizationmodel can be naturally formalized. Its semantics is based on thenotion of stable model and assigns, to a given set of authorizationrules, a multiplicity of (stable) models, each representing apossible way of assigning access authorizations. This form ofnon-determinism entails an innovative approach to enforce accesscontrol: when an access request is issued, the appropriate model(set of consistent access authorizations) is chosen, on the basisof the accesses currently under execution in the system.