Action-status access control

We introduce a generalization of Role-Based Access Control (RBAC) that we call the Action-Status Access Control (ASAC) model. The ASAC model addresses certain shortcomings of RBAC models when applied in distributed computing contexts. The ASAC model is based on the notion of status and on a nonmonotonic theory of access control that is founded upon the notions of events, actions and times. The approach allows automatic changes to be made to policy requirements and agent authorizations that may be based, in part, on an agent's intentional behaviors.
