A modal logic for information system security

Authors:
Yun Bai;Khaled M. Khan
Affiliations:
University of Western Sydney, Penrith South DC, Australia;Qatar University, Qatar
Venue:
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Year:
2011

Citing 13
Cited 0

Reasoning about knowledge

Reasoning about knowledge
A formal specification of an authorization model for object-oriented databases

Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
An authorization model for temporal and derived data: securing information portals

ACM Transactions on Information and System Security (TISSEC)
Knowledge Representation, Reasoning, and Declarative Problem Solving

Knowledge Representation, Reasoning, and Declarative Problem Solving
A logical framework for reasoning about access control models

ACM Transactions on Information and System Security (TISSEC)
On transformation of authorization policies

Data & Knowledge Engineering
A logic-based approach for enforcing access control[1]A preliminary version of this paper appears in the Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS’98), Louvain-La-Neuve, Belgium, September 1998 under the title “An Authorization Model and its Formal Semantics”.

Journal of Computer Security
Delegation in role-based access control

International Journal of Information Security
Security policy refinement and enforcement for the design of multi-level secure systems

Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Non-delegatable authorities in capability systems

Journal of Computer Security
Epistemic reasoning in logic programs

IJCAI'07 Proceedings of the 20th international joint conference on Artifical intelligence
Supporting multiple access control policies in database systems

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

As a security mechanism, authorization or access control ensures that all accesses to the system resources occur exclusively according to the access polices and rules specified by the system security agent. Authorization specification has been extensively studied and a variety of approaches have been investigated. In this paper, we propose a knowledge oriented formal language to specify the system security policies and their reasoning in response to system resource access request. The semantics of our language is provided by translating our language into epistemic logic program in which knowledge related modal operators are employed to represent agents' knowledge in reasoning. We demonstrate how our authorization language handles the situation where the security agent's knowledge on access decision is incomplete.