Belnap’s Logic in Sharing Protected Web Resources

  • Sylvia Encheva
  • Sharil Tumin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4693)


In this paper we present a model that can prevent conflict situations caused by applying both positive and negative authorizations for access to a resource. Such conflict situations may occur if an organization has decentralized administration, and/or several collaborating organizations have access to one resource and some of them apply positive authorizations while others apply negative authorizations. The proposed solution involves Belnap’s logic.


Collaboration positive and negative authorization 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Al-Kahtani, M., Sandhu, R.: Rule-based RBAC with negative authorization. In: 20th Annual Computer Security Applications Conference, Arizona (2004)Google Scholar
  2. 2.
    Belnap, N.J.: How a computer should think. In: Contemporary Aspects of Philosophy. Proceedings of the Oxford International Symposia, Oxford, GB, pp. 30–56 (1975)Google Scholar
  3. 3.
    Belnap, N.J.: A useful four valued logic. In: Dunn, J.M., Epstain, G. (eds.) Modern uses of multiple-valued logic, pp. 8–37. D. Reidel Publishing Co., Dordrecht (1977)Google Scholar
  4. 4.
    Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal Role-Based Access Control model. ACM Tr. on ISS 3(3), 191–223 (2001)Google Scholar
  5. 5.
    Bertino, E., Jajodia, S., Samarati, P.: A Flexible Authorization Mechanism for Relational Data Management System. ACM Transactions on Information Systems 17(2), 101–140 (1999)CrossRefGoogle Scholar
  6. 6.
    Bhatti, R., Bertino, E., Ghafoor, A., Joshi, J.B.D.: XML-based specification for Web services document security. IEEE Computer 37(4) (2004)Google Scholar
  7. 7.
    Davey, B.A., Priestley, H.A.: Introduction to lattices and order. Cambridge University Press, Cambridge (2005)zbMATHGoogle Scholar
  8. 8.
    Ferraiolo, D., Cugini, J., Kuhn, D.R.: Role-Based Access Control (RBAC): Features and motivations. In: 1995 Computer Security Applications Conference, pp. 241–248 (1995)Google Scholar
  9. 9.
    Ferraiolo, D., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control. Artech House, Computer Security Series (2003)Google Scholar
  10. 10.
    Schwoon, S., Jha, S., Reps, T., Stubblebine, S.: On generalized authorization problems. In: Proc. 16th IEEE Computer Security Foundations Workshop, Asilomar, Pacific Grove, CA, June 30-July 2, 2003, pp. 202–218. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  11. 11.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Sylvia Encheva
    • 1
  • Sharil Tumin
    • 2
  1. 1.Stord/Haugesund University College, Bjørnsonsg. 45, 5528 HaugesundNorway
  2. 2.University of Bergen, IT-Dept., P.O. Box 7800, 5020 BergenNorway

Personalised recommendations