Advertisement

On the sequence of authorization policy transformations

  • Yun BaiEmail author
  • Yan Zhang
  • Vijay Varadharajan
Regular contribution
  • 42 Downloads

Abstract

In [2, 3], we proposed a model-based approach to specify the transformation of authorizations based on the principle of minimal change [10] and its application in database systems. Nevertheless, there were some limitations in this approach. Firstly, we could not represent a sequence of transformations. Secondly, default authorizations could not be expressed. In this paper, we propose two high-level formal languages, ℒs and ℒsd, to specify a sequence of authorization transformations and default authorizations. Our work starts with ℒs, a simple, but expressive, language to specify certain sequence of authorization transformations. Furthermore, ℒsd has more powerful expressiveness than ℒs in the sense that constraints, causal and inherited authorizations, and general default authorizations can be specified.

Keywords

Authorization policy Policy transformations Formal language Default logic 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Atluri V, Gal A (2002) An authorization model for temporal and derived data: securing information portals. ACM Trans Inf Syst Secur 5(1):62–94CrossRefGoogle Scholar
  2. 2.
    Bai Y, Varadharajan V (2002) Object oriented database with authorization policies. J Fundament Inf 53(3–4):229–250Google Scholar
  3. 3.
    Bai Y, Varadharajan V (2003) On transformation of authorization policies. Data Knowl Eng 45(3):333–357CrossRefGoogle Scholar
  4. 4.
    Bertino E, Buccafurri F, Ferrari E, Rullo P (2000) A logic-based approach for enforcing access control. Comput Secur 8(2–2):109–140Google Scholar
  5. 5.
    Bertino E, Catania B, Ferrari E, Perlasca P (2003) A logical framework for reasoning about access control models. ACM Trans Inf Syst Secur 6(1):71–127CrossRefGoogle Scholar
  6. 6.
    Bertino E, Jajodia S, Samarati P (1996) Supporting multiple access control policies in database systems. In: Proceedings of the IEEE symposium on research in security and privacy, pp 94–107Google Scholar
  7. 7.
    Bertino E, Mileo A, Provetti A (2003) Policy monitoring with user-preferences in PDL. In: Proceedings of the IJCAI-03 workshop for nonmonotonic reasoning, action and change, pp 37–44Google Scholar
  8. 8.
    Brewer DFC, Nash MJ (1989) The Chinese wall security policy. In: Proceedings of the IEEE symposium on research in security and privacy, pp 215–228Google Scholar
  9. 9.
    Chomicki J, Lobo J, Naqvi S (2000) A logical programming approach to conflict resolution in policy management. In: Proceedings of the international conference on principles of knowledge representation and reasoning, pp 121–132Google Scholar
  10. 10.
    Chou TSC, Winslett M (1991) Immortal: a model-based belief revision system. In: Proceedings of the international conference on principles of knowledge representation and reasoning, pp 99–110Google Scholar
  11. 11.
    Crescini V, Zhang Y (2004) Web server authorization with policy updater: a logical based access control system. In: Proceedings of the IADIS international conference on WWW/Internet (in press)Google Scholar
  12. 12.
    Crescini V, Zhang Y (2004) A logical based approach for dynamic access control. In: Proceedings of the 17th Australian joint conference on artificial intelligence, pp 623–635Google Scholar
  13. 13.
    Dacier M, Deswarte Y (1994) Privilege graph: an extension to the typed access matrix model. In: Proceedings of the European symposium on research in computer security, pp 319–334Google Scholar
  14. 14.
    Denning DE (1976) A lattice model of secure information flow. Commun ACM 19:236–243MathSciNetCrossRefGoogle Scholar
  15. 15.
    Fernandez EB, Gudes E, Song H (1989) A security model for object-oriented databases. In: Proceedings of the IEEE symposium on research in security and privacy, pp 110–115Google Scholar
  16. 16.
    Fernandez EB, France RB, Wei D (1995) A formal specification of an authorization model for object-oriented databases. In: Database Security, IX: Status and Prospects, pp 95–109Google Scholar
  17. 17.
    Gelfond M, Lifschitz V (1991) Classical negation in logic programs and disjunctive databases. New Generat Comput 9:365–385CrossRefGoogle Scholar
  18. 18.
    Gong L (1989) A secure identity based capability system. In: Proceedings of the IEEE symposium on research in security and privacy, pp 56–63Google Scholar
  19. 19.
    Jajodia S, Samarati P, Sapino ML, Subrahmanian VS (2001) Flexible support for multiple access control policies. ACM Trans Database Syst 29(2):214–260CrossRefGoogle Scholar
  20. 20.
    Jajodia S, Samarati P, Subrahmanian VS (1997) A logical language for expressing authorizations. In: Proceedings of the IEEE symposium on research in security and privacy, pp 31–42Google Scholar
  21. 21.
    Li N, Grosof B, Feigenbaum J (2003) Delegation logic: a logic-based approach to distributed authorization. ACM Trans Inf Syst Secur 6(1):128–171CrossRefGoogle Scholar
  22. 22.
    Meadows C (1991) Policies for dynamic upgrading. In: Database Security, IV: Status and Prospects, pp 241–250Google Scholar
  23. 23.
    Reiter R (1980) A logic for default reasoning. Artif Intell 13:81–132MathSciNetCrossRefGoogle Scholar
  24. 24.
    Sandhu RS, Ganta S (1994) On the minimality of testing for rights in transformation models. In: Proceedings of the IEEE symposium on research in security and privacy, pp 230–241Google Scholar
  25. 25.
    Woo TYC, Lam SS (1992) Authorization in distributed systems: a formal approach. In: Proceedings of the IEEE symposium on research in security and privacy, pp 33–50Google Scholar
  26. 26.
    Zhang Y, Wu CM, Bai Y (2001) Implementing prioritized logic programming. AI Commun 14(4):183–196Google Scholar

Copyright information

© Springer-Verlag 2005

Authors and Affiliations

  1. 1.School of Computing and Information TechnologyUniversity of Western SydneyPenrith South DCAustralia
  2. 2.Department of ComputingMacquarie UniversityNorth RydeAustralia

Personalised recommendations