Provisional Authorizations

  • Sushil Jajodia
  • Michiharu Kudo
  • V. S. Subrahmanian
Part of the Advances in Information Security book series (ADIS, volume 2)


Past generations of access control systems, when faced with an access request, have issued a “yes” (resp. “no”) answer to the access request resulting in access being granted (resp. denied). In this chapter, we ar­gue that for the world’s rapidly proliferating business to business (B2B) applications and auctions, “yes/no” responses are just not enough. We propose the notion of a “provisional authorization” which intuitively says “You may perform the desired access provided you cause condition C to be satisfied.” For instance, a user accessing an online brokerage may receive some information if he fills out his name/address, but not otherwise. While a variety of such provisional authorization mecha­nisms exist on the web, they are all hardcoded on an application by application basis. We show that given (almost) any logic L, we may define a provisional authorization specification language pASLL. pASLL is based on the declarative, polynomially evaluable authorization spec­ification language ASL proposed by Jajodia et al [JSS97]. We define programs in pASLL, and specify how given any access request, we must find a “weakest” precondition under which the access can be granted (in the worst case, if this weakest precondition is “false” this amounts to a denial). We develop a model theoretic semantics for pASLL and show how it can be applied to online sealed-bid auction servers and online contracting.


Predicate Symbol Access Control Policy Access Request Derivation Rule Authorization Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AEK+99]
    K. Arisha, T. Eiter, S. Kraus, F. Ozcan, R. Ross, and V. S. Subrahmanian. IMPACT: Interactive Maryland Platform for Agents Collaborating Together. IEEE Intelligent Systems, pages 64–72, March 1999.Google Scholar
  2. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote trust management system (version 2). Technical report, In­ternet RFC,
  3. [BFL96]
    M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proc. IEEE Symp. on Security and Privacy, pages 164–173, May 1996.Google Scholar
  4. [BN89]
    D. F. C. Brewer and M. J. Nash. The Chinese wall security pol­icy. In Proc. Symp. on Security and Privacy, pages 215–228, Oakland, CA, May 1989.Google Scholar
  5. [CFMS94]
    Silvana Castano, Mariagrazia Fugini, Giancarlo Martella, and Pierangela Samarati. Database Security. Addison-Wesley, Read­ing, MA, 1994.Google Scholar
  6. [Den83]
    Dorothy E. Denning. Cryptography and Data Security. Addison-Wesley, Reading, MA, 1983.Google Scholar
  7. [FR96]
    M. K. Franklin and M. K. Reiter. The design and implementa­tion of a secure auction service. IEEE Trans. on Software Engineering,22(5):302–312, May 1996.CrossRefGoogle Scholar
  8. [JSS97]
    Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. IEEE Symp. on Security and Privacy, pages 31–42, Oakland, CA, May 1997.Google Scholar
  9. [JSSB97]
    [] Sushil Jajodia, Pierangela Samarati, V. S. Subrahmanian, and Elisa Bertino. A unified framework for enforcing multiple access con­trol policies. In Proc. ACM SIGMOD Int’l. Conf. on Management of Data, pages 474–485, Tucson, AZ, May 1997.Google Scholar
  10. [KF98]
    [] Manoj Kumar and Stuart I. Feldman. Internet auctions. In Third USENIX Workshop on Electronic Commerce, 1998.Google Scholar
  11. [KPS95]
    Charlie Kaufman, Radia Perlman, and Make Speciner. Network Security: Private Communication in a Public World. Prentice—Hall, Englewood Cliffs, NJ, 1995.Google Scholar
  12. Michiharu Kudo. Secure electronic sealed-bid auction protocol with public key cryptography. IEICE Transactions on Fundamentals of Electronics,Communications and Computer Sciences, E81-A(1), January 1998.Google Scholar
  13. [L1o87]
    J. W. Lloyd. Foundations of Logic Programming. Springer, 1987.Google Scholar
  14. Paul Milgrom. Auctions and bidding: A primer. Journal of Economic Perspectives, 3(3):3–22, Summer 1989.Google Scholar
  15. [MM87]
    R.P McAfee and John McMillan. Auctions and bidding. Jour­nal of Economic Literature, 25(2):699–738, June 1987.Google Scholar
  16. T. Przymusinski. On the declarative semantics of deductive databases and logic programs In J. Minker, editor, Foundations of deductive databases,pages 193–216. Morgan Kaufmann, San Mateo, 1988.Google Scholar
  17. [Sho67]
    [] J. Shoenfield. Mathematical Logic. Addison Wesly, 1967.Google Scholar
  18. [SNS88]
    J. G. Stener, B. C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proc. USENIX Conf., February 1988.Google Scholar
  19. [Vic61]
    David Vickrey. Counter speculation, auctions, and competitive sealed tenders. Journal of Finance, pages 9–37, March 1961.Google Scholar
  20. [WL93]
    Thomas Y. C. Woo and Simon S. Lam. Authorizations in dis­tributed systems: A new approach. Journal of Computer Security, 2(2,3):107–136, 1993.Google Scholar

Copyright information

© Springer Science+Business Media New York 2001

Authors and Affiliations

  • Sushil Jajodia
    • 1
  • Michiharu Kudo
    • 2
  • V. S. Subrahmanian
    • 3
  1. 1.Center for Secure Information SystemsGeorge Mason UniversityFairfax
  2. 2.Tokyo Research LaboratoryIBM Japan LtdShimotsuruma, Yamato-shiJapan
  3. 3.Institute for Advanced Computer Studies Institute for Systems Research and Department of Computer ScienceUniversity of MarylandMaryland

Personalised recommendations