A General Logic-Based Authorization Model
Abstract
The system-security literature contains numerous papers on authorization which are written according to the following scheme. The authors select a specific situation commonly occurring in a business setting and then describe a formalization of a specific policy that solves the problem of access to information (at varying granularity: collections of objects, tables, records or even specific fields in records). We discuss several such policies and show how first-order logic and its extension by means of the fixpoint operation can be used to formalize all these policies.
Similar resources
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
Logic Based Authorization Policy Engineering
This paper presents an engineering process for authorization policy development. This process includes formal specification, verification, testing and integration. A general architecture along with supporting toolset is described. In addition, a practical solution based on logic programming is further discussed. Finally, an example demonstrating the application of the methodology is provided.
A Logic Model for Temporal Authorization Delegation with Negation
In this paper, we present a logic based approach to temporal decentralized authorization administration that supports time constrained authorization delegations, both positive and negative authorizations, and implicit authorizations. A set of domain-independent rules are given to capture the features of temporal delegation correctness, temporal conflict resolution and temporal authorization pro...
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
Satisfiability and Feasibility in a Relationship-Based Workflow Authorization Model
A workflow authorization model is defined in the framework of Relationship-Based Access Control (ReBAC), in which the protection state is a social network. Armed with this model, we study a new decision problem called workflow feasibility. The goal is to ensure that the space of protection states contains at least one member in which the workflow specification can be executed to completion. We ...
Publication date: 2011