Abstract
In this paper, we propose a logic-program-based formulation that supports delegatable authorizations, in which negation as failure, classical negation and rule inheritance are allowed. Our approach includes a conflict resolution policy that can be used to support controlled delegation and exceptions. In our framework, authorization rules are specified in a Delegatable Authorization Program (DAP), which is an extended logic program associated with different types of partial orderings on the domain; these orderings specify various inheritance relationships among subjects, objects and access rights in the domain. The semantics of a DAP is defined based on the well-known stable model, and conflict resolution is achieved in the process of model generation for the underlying DAP. Our framework provides users with a feasible way to express complex security policies.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ruan, C., Varadharajan, V., Zhang, Y. (2002). Logic-Based Reasoning on Delegatable Authorizations. In: Hacid, MS., Raś, Z.W., Zighed, D.A., Kodratoff, Y. (eds) Foundations of Intelligent Systems. ISMIS 2002. Lecture Notes in Computer Science(), vol 2366. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48050-1_22
DOI: https://doi.org/10.1007/3-540-48050-1_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43785-7
Online ISBN: 978-3-540-48050-1
eBook Packages: Springer Book Archive