We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to Datalog with Constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met.