Tabled evaluation with delaying for general logic programs
Journal of the ACM (JACM)
Termination analysis for abductive general logic programs
Proceedings of the 1999 international conference on Logic programming
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
OLD Resolution with Tabulation
Proceedings of the Third International Conference on Logic Programming
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Abduction in well-founded semantics and generalized stable models via tabled dual programs
Theory and Practice of Logic Programming
Cassandra: Distributed Access Control Policies with Tunable Expressiveness
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
KNOW Why your access was denied: regulating feedback for usable security
Proceedings of the 11th ACM conference on Computer and communications security
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Advanced Policy Explanations on the Web
Proceedings of the 2006 conference on ECAI 2006: 17th European Conference on Artificial Intelligence August 29 -- September 1, 2006, Riva del Garda, Italy
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Interactive access control for autonomic systems: From theory to implementation
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Development and Verification of Rule Based Systems -- A Survey of Developers
RuleML '08 Proceedings of the International Symposium on Rule Representation, Interchange and Reasoning on the Web
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
A practical generic privacy language
ICISS'10 Proceedings of the 6th international conference on Information systems security
Semi-automatic synthesis of security policies by invariant-guided abduction
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Abductive analysis of administrative policies in rule-based access control
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Datalog for security, privacy and trust
Datalog'10 Proceedings of the First international conference on Datalog Reloaded
On the verification of security-aware E-services
Journal of Symbolic Computation
An Integrated Approach for the Enforcement of Contextual Permissions and Pre-Obligations
International Journal of Mobile Computing and Multimedia Communications
Information flow in trust management systems
Journal of Computer Security - CSF 2010
Hi-index | 0.00 |
Declarative authorization languages promise to simplify the administration of access control systems by allowing the authorization policy to be factored out of the implementation of the resource guard. However, writing a correct policy is an error-prone task by itself, and little attention has been given to tools and techniques facilitating the analysis of complex policies, especially in the context of access denials. We propose the use of abduction for policy analysis, for explaining access denials and for automated delegation. We show how a deductive policy evaluation algorithm can be conservatively extended to perform abduction on Datalog-based authorization policies, and present soundness, completeness and termination results.