Tabled evaluation with delaying for general logic programs
Journal of the ACM (JACM)
The ARBAC97 model for role-based administration of roles: preliminary description and outline
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Workflow, transactions and datalog
PODS '99 Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Extending Datalog with Declarative Updates
Journal of Intelligent Information Systems
An Abductive Approach for Analysing Event-Based Requirements Specifications
ICLP '02 Proceedings of the 18th International Conference on Logic Programming
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Results on Reasoning about Updates in Transaction Logic
ILPS '97 International Seminar on Logic Databases and the Meaning of Change, Transactions and Change in Logic Databases
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Analysis of SPKI/SDSI Certificates Using Model Checking
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Using Event Calculus to Formalise Policy Specification and Analysis
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Practically Implementable and Tractable Delegation Logic
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Enhancing the expressive power of the U-Datalog language
Theory and Practice of Logic Programming
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
SLA Representation, Management and Enforcement
EEE '05 Proceedings of the 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'05) on e-Technology, e-Commerce and e-Service
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
The role of abduction in declarative authorization policies
PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Service Oriented Computing and Applications
A knowledge-based verification method for dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Abductive analysis of administrative policies in rule-based access control
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
PlexC: a policy language for exposure control
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
An Integrated Approach for the Enforcement of Contextual Permissions and Pre-Obligations
International Journal of Mobile Computing and Multimedia Communications
Hi-index | 0.00 |
Administering and maintaining access control systems is a challenging task, especially in environments with complex and changing authorization requirements. A number of authorization logics have been proposed that aim at simplifying access control by factoring the authorization policy out of the hard-coded resource guard. However, many policies require the authorization state to be updated after a granted access request, for example, to reflect the fact that a user has activated or deactivated a role. Current authorization languages cannot express such state modifications; these still have to be hard-coded into the resource guard. We present a logic for specifying policies where access requests can have effects on the authorization state. The logic is semantically defined by a mapping to Transaction Logic. Using this approach, updates to the state are factored out of the resource guard, thus enhancing maintainability and facilitating more expressive policies that take the history of access requests into account. We also present a sound and complete proof system for reasoning about sequences of access requests. This gives rise to a goal-oriented algorithm for finding minimal sequences that lead to a specified target authorization state.