DocumentCode :
2994933
Title :
A logical framework for reasoning on data access control policies
Author :
Bertino, Elisa ; Buccafurri, Francesco ; Ferrari, Elena ; Rullo, Pasquale
Author_Institution :
Dipartimento di Sci. dell'Inf., Milan Univ., Italy
fYear :
1999
fDate :
1999
Firstpage :
175
Lastpage :
189
Abstract :
We propose a logic formalism that naturally supports the encoding of complex security specifications. This formalism relies on a hierarchically structured domain made of subjects, objects and privileges. Authorizations are expressed by logic rules. The formalism supports both negation by failure (possibly unstratified) and true negation. The latter is used to express negative authorizations. It turns out that conflicts may result from a set of authorization rules. Dealing with such conflicts requires knowledge of the domain structure, such as grantor priorities and object/subject hierarchies, which is used in the deductive process to determine which authorization prevails, if any, over the others. Often, however, conflicts are unsolvable, as they express intrinsic ambiguities. We have devised two semantics as an extension of the well-founded and the stable model semantics of logic programming. We have also defined a number of access policies, each based on two orthogonal choices: one is related to the way we cope with the multiplicity of authorization sets in the case of stable model semantics; the other is concerned with the open/closed assumption. A comparative analysis of the proposed authorization policies, based on their degree of permissivity, shows that they form a complete lattice.
Keywords :
authorisation; formal logic; inference mechanisms; logic programming; access policies; authorization; complex security specifications; data access control policies; hierarchically structured domain; logic programming; logic rules; logical framework; negation by failure; open closed assumption; reasoning; stable model semantics; true negation; well-founded semantics; Access control; Authorization; Collaborative software; Collaborative work; Cooperative systems; Electrical capacitance tomography; Prototypes; Read only memory; Security; Software libraries;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Foundations Workshop, 1999. Proceedings of the 12th IEEE
Conference_Location :
Mordano
ISSN :
1063-6900
Print_ISBN :
0-7695-0201-6
Type :
conf
DOI :
10.1109/CSFW.1999.779772
Filename :
779772