Despite their widespread adoption, Role-based Access Control (RBAC) models exhibit certain shortcomings that make them less than ideal for deployment in, for example, distributed access control. In the distributed case, standard RBAC assumptions (e.g., of relatively static access policies, managed by human users, with complete information available about users and job functions) do not necessarily apply. Moreover, RBAC is restricted in the sense that it is based on one type of ascribed status, an assignment of a user to a role. In this article, we introduce the status-based access control (SBAC) model for distributed access control. The SBAC model (or family of models) is based on the notion of users having an action status as well as an ascribed status. A user's action status is established, in part, from a history of events that relate to the user; this history enables changing access policy requirements to be naturally accommodated. The approach can be implemented as an autonomous agent that reasons about the events, actions, and a history (of events and actions), which relates to a requester for access to resources, in order to decide whether the requester is permitted the access sought. We define a number of algebras for composing SBAC policies, algebras that exploit the language that we introduce for SBAC policy representation: identification-based logic programs. The SBAC model is richer than RBAC models and the policies that can be represented in our approach are more expressive than the policies admitted by a number of monotonic languages that have been hitherto described for representing distributed access control requirements. Our algebras generalize existing algebras that have been defined for access policy composition. We also describe an approach for the efficient implementation of SBAC policies.