• DocumentCode
    2509658
  • Title

    A logic for state transformations in authorization policies

  • Author

    Bai, Yun ; Varadharajan, Vijay

  • Author_Institution
    Dept. of Comput., West Sydney Univ., Australia
  • fYear
    1997
  • fDate
    10-12 Jun 1997
  • Firstpage
    173
  • Lastpage
    182
  • Abstract
    In a multi-user information-sharing system, an authorization policy provides the ability to limit and control access to system, applications and information. In the real world, an authorization policy has temporal properties. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformations of the authorization policies. In this paper, we propose a logic-based approach to specify and to reason about state transformations in authorization policies. An authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend the model-based semantics by introducing preference ordering to resolve possible conflicts during the transformation of policies. We also discuss the implementation of the model-based transformation approach and outline the relevant algorithms
  • Keywords
    authorisation; multi-access systems; security of data; temporal logic; access constraints; access control; authorization policies; changing requirements; conflict resolution; logic; minimal change; model-based semantics; multi-user information-sharing system; policy base; policy transformation; preference ordering; state transformations; temporal properties; updating; Australia; Authorization; Computer networks; Control systems; Distributed computing; Information security; Intelligent networks; Logic; Mechanical factors; Permission;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Workshop, 1997. Proceedings., 10th
  • Conference_Location
    Rockport, MA
  • ISSN
    1063-6900
  • Print_ISBN
    0-8186-7990-5
  • Type

    conf

  • DOI
    10.1109/CSFW.1997.596810
  • Filename
    596810