Access control is a significant issue in any secure database system. In this paper, we develop a logic programming based approach for temporal decentralized authorization administration in which users can be delegated, granted or forbidden some access rights for restricted periods of time. Three major aspects are taken into consideration for the semantics of the program, the temporal authorization delegation correctness, temporal authorization propagation and temporal authorization conflict resolution. In particular, a conflict resolution method based on the underlying delegation relation and temporal relation is presented, which can support controlled temporal delegation, temporal authorization suspension or exception and the automatic authorization update. The approach provides users a useful way to express complex security policy with time constraints.
|Number of pages||10|
|Journal||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Publication status||Published - 2003|