Foundations of logic programming; (2nd extended ed.)
Foundations of logic programming; (2nd extended ed.)
Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
On the declarative semantics of logic programs with negation
Foundations of deductive databases and logic programming
SIGMOD '90 Proceedings of the 1990 ACM SIGMOD international conference on Management of data
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Well-founded semantics and stratification for ordered logic programs
New Generation Computing
On the expressive power of ordered logic
AI Communications
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
A Model for Evaluation and Administration of Security in Object-Oriented Databases
IEEE Transactions on Knowledge and Data Engineering
WFS + Branch and Bound = Stable Models
IEEE Transactions on Knowledge and Data Engineering
A Temporal Access Control Mechanism for Database Systems
IEEE Transactions on Knowledge and Data Engineering
Administration Policies in a Multipolicy Autorization System
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
A Deductive System for Non-Monotonic Reasoning
LPNMR '97 Proceedings of the 4th International Conference on Logic Programming and Nonmonotonic Reasoning
An Authorization Model and Its Formal Semantics
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Supporting Multiple Access Control Policies in Database Systems
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
A Content-Based Authorization Model for Digital Libraries
IEEE Transactions on Knowledge and Data Engineering
Resolving Conflicts in Authorization Delegations
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Logic-Based Reasoning on Delegatable Authorizations
ISMIS '02 Proceedings of the 13th International Symposium on Foundations of Intelligent Systems
A Policy Language for the Management of Distributed Agents
AOSE '01 Revised Papers and Invited Contributions from the Second International Workshop on Agent-Oriented Software Engineering II
A propositional logic for access control policy in distributed systems
Artificial intelligence and security in computing systems
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Reasoning on Weighted Delegatable Authorizations
DEXA '09 Proceedings of the 20th International Conference on Database and Expert Systems Applications
Distributed and Parallel Databases
Model checking of location and mobility related security policy specifications in ambient calculus
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Logic based authorization program and its implementation
Proceedings of the 4th international conference on Security of information and networks
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
A formalization of distributed authorization with delegation
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Specifying distributed authorization with delegation using logic programming
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
TBA: a hybrid of logic and extensional access control systems
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Rule-based policy representation and reasoning for the semantic web
RW'07 Proceedings of the Third international summer school conference on Reasoning Web
DEAL: A Distributed Authorization Language for Ambient Intelligence
International Journal of Ambient Computing and Intelligence
Access Control on Semantic Web Data Using Query Rewriting
International Journal of Organizational and Collective Intelligence
A semantic authorization model for pervasive healthcare
Journal of Network and Computer Applications
| Hi-index | 0.00 |
In this paper we propose a logic formalism that naturally supports the encoding of complex security specifications. This formalism relies on a hierarchically structured domain made of subjects, objects and privileges.Authorizations are expressed by logic rules. The formalism supports both negation by failure (possibly unstratified) and true negation. The latter is used to express negative authorizations. It turns out that conflicts may result from a set of authorization rules. Dealing with such conflicts requires the knowledge of the domain structure, such as grantor priorities and object/subject hierarchies, which is used in the deductive process to determine which authorization prevails, if any, on the others. Often, however, conflicts are unsolvable, as they express intrinsic ambiguities.We have devised two semantics as an extension of the well-founded and the stable model semantics of logic programming. We have also defined a number of access policies, each based on two orthogonal choices: one is related to the way how we cope with multiplicity of authorization sets in case of stable model semantics; the other is concerned with the open/closed assumption. A comparative analysis of the proposed authorization policies, based on their degree of permissivity, shows that they form a complete lattice.