Logical Approaches to Authorization Policies

We show how core concepts in access control can be represented in axiomatic terms and how multiple access control models and policies can be uniformly represented as particular logical theories in the axiom system that we introduce. Authorization policies are represented in our framework by using a form of answer set programming. We describe the motivations for our approach and we consider how properties of policies can be proven in our scheme.

[1]  J. W. Lloyd,et al.  Foundations of logic programming; (2nd extended ed.) , 1987 .

[2]  T. Kuhn The structure of scientific revolutions, 3rd ed. , 1996 .

[3]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[4]  Michael Gelfond,et al.  Classical negation in logic programs and disjunctive databases , 1991, New Generation Computing.

[5]  B. Russell The Principles of Mathematics , 1938 .

[6]  Roshan K. Thomas,et al.  Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments , 1997, RBAC '97.

[7]  Marek J. Sergot,et al.  A logic-based calculus of events , 1989, New Generation Computing.

[8]  Trevor Jim,et al.  SD3: a trust management system with certified evaluation , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[9]  Marek Sergot,et al.  Formal Specification of Security Requirements using the Theory of Normative Positions , 1992, ESORICS.

[10]  Chitta Baral,et al.  Knowledge Representation, Reasoning and Declarative Problem Solving , 2003 .

[11]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[12]  Jorge Lobo,et al.  Expressive policy analysis with enhanced system dynamicity , 2009, ASIACCS '09.

[13]  Steve Barker,et al.  Secommunity: A Framework for Distributed Access Control , 2011, LPNMR.

[14]  Yan Zhang,et al.  Handling distributed authorization with delegation through answer set programming , 2006, International Journal of Information Security.

[15]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[16]  Jean-Jacques Quisquater,et al.  Computer Security — ESORICS 92 , 1992, Lecture Notes in Computer Science.

[17]  Peter J. Stuckey,et al.  Flexible access control policy specification with constraint logic programming , 2003, TSEC.

[18]  Teodor C. Przymusinski On the Declarative Semantics of Deductive Databases and Logic Programs , 1988, Foundations of Deductive Databases and Logic Programming..

[19]  Krzysztof R. Apt,et al.  Logic Programming , 1990, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[20]  Wolfgang Faber,et al.  Logic Programming and Nonmonotonic Reasoning , 2011, Lecture Notes in Computer Science.

[21]  Joseph Y. Halpern,et al.  Using First-Order Logic to Reason about Policies , 2008, TSEC.

[22]  Lujo Bauer,et al.  A General and Flexible Access-Control System for the Web , 2002, USENIX Security Symposium.

[23]  Andrew D. Gordon,et al.  SecPAL: Design and semantics of a decentralized authorization language , 2010, J. Comput. Secur..

[24]  John DeTreville,et al.  Binder, a logic-based security language , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[25]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[26]  K J Biba,et al.  Integrity Considerations for Secure Computer Systems , 1977 .

[27]  Keith L. Clark,et al.  Negation as Failure , 1987, Logic and Data Bases.

[28]  T. Kuhn,et al.  The Structure of Scientific Revolutions , 1963 .

[29]  Jorge Lobo,et al.  Authorization and Obligation Policies in Dynamic Systems , 2008, ICLP.

[30]  Michael J. Nash,et al.  The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[31]  J. Lloyd Foundations of Logic Programming , 1984, Symbolic Computation.

[32]  Marek J. Sergot,et al.  A Formal Characterisation of Institutionalised Power , 1996, Log. J. IGPL.

[33]  Steve Barker The next 700 access control models or a unifying meta-model? , 2009, SACMAT '09.

[34]  Duminda Wijesekera,et al.  Status-Based Access Control , 2008, TSEC.

[35]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[36]  Joan Feigenbaum,et al.  Delegation logic: A logic-based approach to distributed authorization , 2003, TSEC.

[37]  Howard A. Blair,et al.  The Complexity of Local Stratification , 1994, Fundam. Informaticae.