A logical framework for reasoning about access control models

Authors:
Elisa Bertino;Barbara Catania;Elena Ferrari;Paolo Perlasca
Affiliations:
Univ. of Milano, Milan, Italy;Univ. of Milano, Milan, Italy;Univ. of Milano, Milan, Italy;Univ. of Milano, Milan, Italy
Venue:
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Year:
2001

Citing 9
Cited 24

Foundations of logic programming; (2nd extended ed.)

Foundations of logic programming; (2nd extended ed.)
Principles of database and knowledge-base systems, Vol. I

Principles of database and knowledge-base systems, Vol. I
Database security

Database security
Role-Based Access Control Models

Computer
A unified framework for enforcing multiple access control policies

SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
An access control model supporting periodicity constraints and temporal reasoning

ACM Transactions on Database Systems (TODS)
COMPLEX: An Object-Oriented Logic Programming System

IEEE Transactions on Knowledge and Data Engineering
An Extended Authorization Model for Relational Databases

IEEE Transactions on Knowledge and Data Engineering
A logic-based approach for enforcing access control[1]A preliminary version of this paper appears in the Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS’98), Louvain-La-Neuve, Belgium, September 1998 under the title “An Authorization Model and its Formal Semantics”.

Journal of Computer Security

Dynamic access control: preserving safety and trust for network defense operations

Proceedings of the eighth ACM symposium on Access control models and technologies
A Privacy Policy Model for Enterprises

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A System to Specify and Manage Multipolicy Access Control Models

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A logical specification for usage control

Proceedings of the ninth ACM symposium on Access control models and technologies
Formal model and policy specification of usage control

ACM Transactions on Information and System Security (TISSEC)
Role-based access control for a distributed calculus

Journal of Computer Security - Special issue on CSFW17
Supporting access control policies across multiple operating systems

Proceedings of the 43rd annual Southeast regional conference - Volume 2
A layered approach to simplified access control in virtualized systems

ACM SIGOPS Operating Systems Review
Role-based access control for boxed ambients

Theoretical Computer Science
Access control by action control

Proceedings of the 13th ACM symposium on Access control models and technologies
Interactive access control for autonomic systems: From theory to implementation

ACM Transactions on Autonomous and Adaptive Systems (TAAS)
A rewriting framework for the composition of access control policies

Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming
Verifying compliance of trusted programs

SS'08 Proceedings of the 17th conference on Security symposium
DRM policies for web map service

SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Action Control by Term Rewriting

Electronic Notes in Theoretical Computer Science (ENTCS)
A logical specification and analysis for SELinux MLS policy

ACM Transactions on Information and System Security (TISSEC)
SecPAL: Design and semantics of a decentralized authorization language

Journal of Computer Security - Digital Identity Management (DIM 2007)
Security rules versus security properties

ICISS'10 Proceedings of the 6th international conference on Information systems security
Supporting role based provisioning with rules using OWL and F-logic

OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Types for security in a mobile world

TGC'05 Proceedings of the 1st international conference on Trustworthy global computing
Term rewriting for access control

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Considering privacy and effectiveness of authorization policies for shared electronic health records

Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
E pluribus unum: deduction, abduction and induction, the reasoning services for access control in autonomic communication

WAC'04 Proceedings of the First international IFIP conference on Autonomic Communication
A unified attribute-based access control model covering DAC, MAC and RBAC

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increased availability of tools and technologies to access and use the data has made more urgent the needs for data protection. Moreover, emerging applications and data models call for more flexible and expressive access control models. This has lead to an extensive research activity that has resulted in the definition of a variety of access control models, that greatly differ with respect to the access control policies they can support. The need thus arises of developing some sort of tools that make it possible to reason about the expressive power of such models and to make a comparison among the various proposals. In this paper we make a first step in this direction by proposing a formal framework for reasoning about access control models. The framework we propose is based on a logical formalism and is general enough to model both discretionary and mandatory access control policies. Each instance of the proposed framework corresponds to a C-Datalog program [8], interpreted according to a stable model semantics. In the paper, besides giving the syntax and the formal semantic of our framework, we show some examples of its application.