Logic Program for Authorizations
Authors: Yun Bai
Abstract:
As a security mechanism, authorization is to provide access control to the system resources according to the polices and rules specified by the security strategies. Either by update or in the initial specification, conflicts in authorization is an issue needs to be solved. In this paper, we propose a new approach to solve conflict by using prioritized logic programs and discuss the uniqueness of its answer set. Addressing conflict resolution from logic programming viewpoint and the uniqueness analysis of the answer set provide a novel, efficient approach for authorization conflict resolution.
Keywords: authorization, formal specification, conflict resolution, prioritized logic program.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1080139
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1477References:
[1] K.R. Apt and R.N. Bol, Logic programming and negation: A survey. Journal of Logic Programming, 19,20 (1994) 9-71.
[2] E. Bertino, F. Buccafurri, E. Ferrari and P. Rullo, "A Logic-based Approach for Enforcing Access Control". Computer Security, vol.8, No.2-2, pp109-140, 2000.
[3] E. Bertino, B. Catania, E. Ferrari and P. Perlasca, "A Logical Framework for Reasoning about Access Control Models". ACM Transactions on Information and System Security, Vol.6, No.1, pp71-127, 2003.
[4] J. Chomicki, J. Lobo and S. Naqvi, "A Logical Programming Approach to Conflict Resolution in Policy Management". Proceedings of International Conference on Principles of Knowledge Representation and Reasoning, pp121-132, 2000.
[5] V. Crescini and Y. Zhang, "A logic Based Approach for Dynamic Access Control". Proceedings of 17th Australian Joint Conference on Artifi cial Intelligence (AI 2004), pp623-635, 2004.
[6] M. Gelfond and V. Lifschitz, The stable model semantics for logic programming. In Proceedings of the Fifth Joint International Conference and Symposium, pp 1070-1080. MIT Press, 1988.
[7] M. Gelfond and V. Lifschitz, Classical negation in logic programs and disjunctive databases. New Generation Computing, 9 (1991) 365-386.
[8] S. Jajodia, P. Samarati, M.L. Sapino and V.S. Subrahmanian, "Flexible Support for Multiple Access Control Policies". ACM Transactions on Database Systems, Vol.29, No.2, pp214-260, 2001.
[9] N. Li, B. Grosof and J. Feigenbaum, "Delegation Logic: A Logicbased Approach to Distributed Authorization". ACM Transactions on Information and System Security, Vol.6, No.1, pp128-171, 2003.
[10] T.Y.C. Woo and S.S. Lam, "Authorization in Distributed systems: A Formal Approach". Proceedings of IEEE Symposium on Research in Security and Privacy, pp33-50, 1992.
[11] Y. Zhang and Y. Bai, "The Characterization on the Uniqueness of Answer Set for Prioritized Logic Programs". Proceedings of the International Symposium on methodologies on Intelligent Systems, pp349-356, 2003.
[12] Y. Zhang, C.M. Wu and Y. Bai Implementing Prioritized Logic Programming, AI Communications, Vol.14, No. 4, pp183-196, 2001.