Reasoning with advanced policy rules and its application to access control

  • Authors:

  • Claudio Bettini;Sushil Jajodia;X. Sean Wang;Duminda Wijesekera

  • Affiliations:

  • Università di Milano, DICo, via Comelico 39, 20135, Milan, Italy;George Mason University, Center for Secure Information Systems, via Comelico 39, 22030, Fairfax, VA, USA;University of Vermont, Department of Computer Science, via Comelico 39, 05405, Burlington, VT, USA;George Mason University, Center for Secure Information Systems, via Comelico 39, 22030, Fairfax, VA, USA

  • Venue:
  • International Journal on Digital Libraries
  • Year:
  • 2004

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper presents a formal framework to represent and manage advanced policy rules, which incorporate the notions of provision and obligation. Provisions are those conditions that need to be satisfied or actions that must be performed by a user or an agent before a decision is rendered, while obligations are those conditions or actions that must be fulfilled by either the user or agent or by the system itself within a certain period of time after the decision. This paper proposes a specific formalism to express provisions and obligations within a policy and investigates a reasoning mechanism within this framework. A policy decision may be supported by more than one rule-based derivation, each associated with a potentially different set of provisions and obligations (called a global PO set). The reasoning mechanism can derive all the global PO sets for each specific policy decision and facilitates the selection of the best one based on numerical weights assigned to provisions and obligations as well as on semantic relationships among them. The formal results presented in the paper hold for many applications requiring the specification of policies, but this paper illustrates the use of the proposed policy framework in the security domain only.