A logical view of nonmonotonicity in access control

Classical logics have already been proposed as a means to specify and implement access control systems. In this paper, we first show that some facets of access control render these logics inadequate. In particular, when used as an inference engine, they are insufficient for decision making on the basis of imperfect information, a situation that occurs frequently in new computing paradigms. In addition, it is sometimes necessary to retract previously derivable authorizations when new rules are added to security policies. We then demonstrate how existing formalisms of nonmonotonic reasoning can be deployed to address these aspects of access control. Finally, we justify the use of modal nonmonotonic logics for access control in open environments and propose their required features.
