Computing in Horn clause theories
Computing in Horn clause theories
Term rewriting and all that
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Agents, trust, and information access on the semantic web
ACM SIGMOD Record
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
KAoS Policy Management for Semantic Web Services
IEEE Intelligent Systems
The Description Logic Handbook
The Description Logic Handbook
Analyzing web access control policies
Proceedings of the 16th international conference on World Wide Web
Pellet: A practical OWL-DL reasoner
Web Semantics: Science, Services and Agents on the World Wide Web
A rewriting framework for the composition of access control policies
Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
Analysis of Rewrite-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Using semantic web technologies for policy management on the web
AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2
Term rewriting for access control
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Representation and reasoning on RBAC: a description logic approach
ICTAC'05 Proceedings of the Second international conference on Theoretical Aspects of Computing
Modular access control via strategic rewriting
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
This paper presents a rule-based, domain specific language for modeling access control policies which is particularly suitable for managing security in the semantic web, since (i) it allows one to evaluate authorization requests according to semantic information retrieved from remote knowledge bases; (ii) it supports semantic-based policy composition, delegation and closure via flexible operators which can be defined by security administrators in a pure declarative way with little effort. The operational engine of the language smoothly integrates description logic into standard term rewriting giving support to reasoning capabilities which are particularly useful in this context, since they allow one to naturally combine and reuse data extracted from multiple knowledge bases. Such a rewrite engine can be used to evaluate authorization requests w.r.t. a policy specification as well as to formally check properties regarding the security domain to be protected. The language we propose has been implemented in a prototypical system, which is written in Haskell. Some case studies have been analyzed to highlight the potentiality of our approach.