A logical framework for reasoning about access control models
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
A Content-Based Authorization Model for Digital Libraries
IEEE Transactions on Knowledge and Data Engineering
Access Control for XML Document
IEA/AIE '08 Proceedings of the 21st international conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems: New Frontiers in Applied Artificial Intelligence
A logic program solution for conflict authorizations
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Theoretical Computer Science
History-dependent inference control of queries by dynamic policy adaption
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
A logic based approach for dynamic access control
AI'04 Proceedings of the 17th Australian joint conference on Advances in Artificial Intelligence
A new approach for conflict resolution of authorization
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
A modal logic for information system security
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Dynamic policy adaptation for inference control of queries to a propositional information system
Journal of Computer Security - DBSec 2011
Hi-index | 0.00 |
This paper describes an advanced authorization mechanism basedon a logic formalism. The model supports both positive and negativeauthorizations. It also supports derivation rules by which anauthorization can be granted on the basis of the presence orabsence of other authorizations. Subjects, objects andauthorization types are organized into hierarchies, supporting amore adequate representation of their semantics. From theauthorizations explicitly specified, additional authorizations areautomatically derived by the system, based on those hierarchies.The combination of all the above features results in a powerful yetflexible access control mechanism.The logic formalism on which the system relies is an extensionof Ordered Logic with ordered domains. This is an elegant yetpowerful formalism whereby the basic concepts of the authorizationmodel can be naturally formalized. Its semantics is based on thenotion of stable model and assigns, to a given set of authorizationrules, a multiplicity of (stable) models, each representing apossible way of assigning access authorizations. This form ofnon-determinism entails an innovative approach to enforce accesscontrol: when an access request is issued, the appropriate model(set of consistent access authorizations) is chosen, on the basisof the accesses currently under execution in the system.