Abstract
We describe the use of a flexible meta-interpreter for performing access control checks on deductive databases. The meta-program is implemented in Prolog and takes as input a database and an access policy specification. For processing access control requests we specialise the meta-program for a given access policy and database by using the logen partial evaluation system. The resulting specialised control checking program is dependent solely upon dynamic information that can only be known at the time of actual access request evaluation. In addition to describing our approach, we give a number of performance measures for our implementation of an access control checker. In particular, we show that by using our approach we get flexible access control with virtually no overhead, satisfying the Jones optimality criterion. The paper also shows how to satisfy the Jones optimality criterion more generally for interpreters written in the non-ground representation.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Apt, K.R., Turini, F.: Meta-logics and Logic Programming. MIT Press, Cambridge (1995)
Baral, C., Gelfond, M.: Logic programming and knowledge representation. JLP 19/20, 73–148 (1994)
Barker, S.: Web usage control in RSCLP. In: Proc. 18th IFIP WG Conf. on Database Security (2004)
Barker, S., Stuckey, P.: Flexible access control policy specification with constraint logic programming. ACM TISSEC 6(4), 501–546 (2003)
Barker, S., Leuschel, M., Varea, M.: Efficient and flexible access control via logic program specialisation. In: PEPM’04: Proceedings of the 2004 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-based Program Manipulation, New York, NY, USA, 2004, pp. 190–199. ACM Press, New York (2004)
Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM TODS 23(3), 231–285 (1998)
Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A system to specify and manage multipolicy access control models. In: Proc. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002) (2002)
Bondorf, A., Palsberg, J.: Generating action compilers by partial evaluation. J. Funct. Program. 6(2) (1996)
Briney, A.: Information security 2000. In: Information Security, pp. 40–68 (2000)
Clark, K.: Negation as failure. In: Gallaire, H., Minker, J. (eds.) Logic and Databases, pp. 293–322. Plenum, New York (1978)
Date, C.: An Introduction to Database Systems. Addison–Wesley, Reading (2003)
Ferraiolo, D., Cugini, J., Kuhn, R.: Role-based access control (RBAC): features and motivations. In: Proc. of the 11th Annual Computer Security Applications Conf., pp. 241–248 (1995)
Futamura, Y.: Partial evaluation of computation process—an approach to a compiler-compiler. Higher-Order Symb. Comput. 12(4), 381–391 (1999). Reprinted from Systems ⋅ Computers ⋅ Controls 2(5), 1971, with a foreword
Gallagher, J.: Tutorial on specialisation of logic programs. In: Proceedings of PEPM’93, the ACM Sigplan Symposium on Partial Evaluation and Semantics-Based Program Manipulation, pp. 88–98. ACM Press, New York (1993)
Gallagher, J., Bruynooghe, M.: Some low-level transformations for logic programs. In: Bruynooghe, M. (ed.) Proceedings of Meta90 Workshop on Meta Programming in Logic, Leuven, Belgium, pp. 229–244 (1990)
Grosof, B., Poon, T.: Representing agent contracts with exceptions using XML rules, ontologies and process descriptions. In: WWW 2003, pp. 340–349 (2003)
Hill, P., Gallagher, J.: Meta-programming in logic programming. In: Gabbay, D.M., Hogger, C.J., Robinson, J.A. (eds.) Handbook of Logic in Artificial Intelligence and Logic Programming. Oxford Science Publications, vol. 5, pp. 421–497. Oxford University Press, London (1998)
Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM TODS 26(2), 214–260 (2001)
Jones, N.D.: Partial evaluation, self-application and types. In: Paterson, M.S. (ed.) Automata, Languages and Programming. LNCS, vol. 443, pp. 639–659. Springer, Berlin (1990)
Jones, N.D., Gomard, C.K., Sestoft, P.: Partial Evaluation and Automatic Program Generation. Prentice Hall, New York (1993)
Kunen, K.: Signed data dependencies in logic programs. J. Log. Program. 7(3), 231–245 (1989)
Lakhotia, A., Sterling, L.: How to control unfolding when specializing interpreters. New Gener. Comput. 8, 61–70 (1990)
Leuschel, M.: Homeomorphic embedding for online termination of symbolic methods. In: Mogensen, T.Æ., Schmidt, D., Sudborough, I.H. (eds.) The Essence of Computation—Essays Dedicated to Neil Jones. LNCS, vol. 2566, pp. 379–403. Springer, Berlin (2002)
Leuschel, M., Bruynooghe, M.: Logic program specialisation through partial deduction: Control issues. Theory Practice Log. Program. 2(4–5), 461–515 (2002)
Leuschel, M., Schreye, D.D.: Creating specialised integrity checks through partial evaluation of meta-interpreters. JLP 36(1), 149–193 (1998)
Leuschel, M., Martens, B., De Schreye, D.: Controlling generalisation and polyvariance in partial deduction of normal logic programs. ACM Trans. Program. Lang. Syst. 20(1), 208–258 (1998)
Leuschel, M., Craig, S., Bruynooghe, M., Vanhoof, W.: Specializing interpreters using offline partial deduction. In: Bruynooghe, M., Lau, K.-K. (eds.) Program Development in Computational Logic. LNCS, vol. 3049, pp. 341–376. Springer, Berlin (2004)
Leuschel, M., Jørgensen, J., VanHoof, W., Bruynooghe, M.: Offline specialisation in Prolog using a hand-written compiler generator. TPLP 4(1), 139–191 (2004)
Lloyd, J.W.: Foundations of Logic Programming. Springer, Berlin (1987)
Makholm, H.: On Jones-optimal specialization for strongly typed languages. In: Taha, W. (ed.) Semantics, Applications, and Implementation of Program Generation. LNCS, vol. 1924, pp. 129–148. Springer, Berlin (2000)
Martens, B.: On the semantics of meta-programming and the control of partial deduction in logic programming. PhD thesis, K.U. Leuven (February 1994)
Martens, B., Gallagher, J.: Ensuring global termination of partial deduction while allowing flexible polyvariance. In: Sterling, L. (ed.) Proceedings ICLP’95, Kanagawa Japan, June 1995, pp. 597–613. MIT Press, Cambridge (1995)
NIST: The economic impact of role-based access control. NIST Planning Report 02-01 (2002)
Przymusinski, T.: On the declarative semantics of deductive databases and logic programming. In: Minker, J. (ed.) Foundations of Deductive Databases and Logic Programming, pp. 193–216. Morgan Kaufmann, San Mateo (1988)
Sagonas, K., Swift, T., Warren, D.S.: XSB as an efficient deductive database engine. In: Proceedings of the ACM SIGMOD International Conference on the Management of Data, Minneapolis, Minnesota, May 1994, pp. 442–453. ACM Press, New York (1994)
Sahlin, D.: Mixtus: an automatic partial evaluator for full prolog. New Gener. Comput. 12(1), 7–51 (1993)
Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: Proc. 4th ACM Workshop on Role-Based Access Control, pp. 47–61 (2000)
SETA: A marketing survey of civil federal government organizations to determine the need for RBAC security product. SETA Corporation (1996)
Vanhoof, W., Martens, B.: To parse or not to parse. In: Fuchs, N. (ed.) Logic Program Synthesis and Transformation, Proceedings of LOPSTR’97, Leuven, Belgium, July 1997. LNCS, vol. 1463, pp. 322–342. Springer, Berlin (1997)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Barker, S., Leuschel, M. & Varea, M. Efficient and flexible access control via Jones-optimal logic program specialisation. Higher-Order Symb Comput 21, 5–35 (2008). https://doi.org/10.1007/s10990-008-9030-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10990-008-9030-8