Abstract
Data protection is a significant issue in any secure information system. In this paper, we develop a decentralized authorization delegation model in which users can be delegated, granted or forbidden some access rights. This security model is formulated as an extended logic program which allows both negation as failure and classical negation. The stable model semantics is used to decide the users' access rights on data items. Under the proposed framework, the conflict problem is addressed and a promising resolution method is presented based on the underlying delegation relations and hierarchical structures of subjects, objects and access rights. Authorization inheritance is also supported in our model. Finally, as an application, we show how this framework can support different electronic consent models within the context of health care.
Original language | English |
---|---|
Title of host publication | Proceedings of the International Conference on Security and Management, SAM 2003 |
Editors | H.R. Arabnia, Y. Mun |
Place of Publication | Berlin Heidelberg |
Pages | 267-273 |
Number of pages | 7 |
Volume | 1 |
Publication status | Published - 2003 |
Externally published | Yes |
Event | Proceedings of the International Conference on Security and Management, SAM 2003 - Las Vegas, NV, United States Duration: 23 Jun 2004 → 26 Jun 2004 |
Other
Other | Proceedings of the International Conference on Security and Management, SAM 2003 |
---|---|
Country/Territory | United States |
City | Las Vegas, NV |
Period | 23/06/04 → 26/06/04 |
Keywords
- Access control
- Authorization
- Information security
- Logic programming