A Logical Framework for Reasoning on Data Access Control Policies
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Implementation aspects of a delegation system
Proceedings of the 3rd international conference on Mobile multimedia communications
Reasoning on Weighted Delegatable Authorizations
DEXA '09 Proceedings of the 20th International Conference on Database and Expert Systems Applications
Policy Evolution in Distributed Usage Control
Electronic Notes in Theoretical Computer Science (ENTCS)
Temporal authorizations scheme for XML document
DNCOCO'06 Proceedings of the 5th WSEAS international conference on Data networks, communications and computers
A representation model of trust relationships with delegation extensions
iTrust'05 Proceedings of the Third international conference on Trust Management
Graphical representation of authorization policies for weighted credentials
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
In this paper, we propose a logic-program-based formulation that supports delegatable authorizations, in which negation as failure, classical negation and rule inheritance are allowed. Our approach includes a conflict resolution policy that can be used to support controlled delegation and exceptions. In our framework, authorization rules are specified in a Delegatable Authorization Program (DAP), which is an extended logic program associated with different types of partial orderings on the domain; these orderings specify various inheritance relationships among subjects, objects and access rights in the domain. The semantics of a DAP is defined based on the well-known stable model, and conflict resolution is achieved in the process of model generation for the underlying DAP. Our framework provides users with a feasible way to express complex security policies.