Logic-based reasoning on delegatable authorizations

Chun Ruan, Vijay Varadharajan, Yan Zhang

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

7 Citations (Scopus)

Abstract

In this paper, we propose a logic program based formulation that supports delegatable authorizations, where negation as failure, classical negation and rules inheritance are allowable. A conflict resolution policy has been developed in our approach that can be used to support the controlled delegation and exception. In our framework, authorization rules are specified in a Delegatable Authorization Program (DAP) which is an extended logic program associated with different types of partial orderings on the domain, and these orderings specify various inheritance relationships among subjects, objects and access rights in the domain. The semantics of a DAP is defined based on the well-known stable model and the conflict resolution is achieved in the process of model generation for the underlying DAP. Our framework provides users a feasible way to express complex security policies.

Original languageEnglish
Title of host publicationFoundations of Intelligent Systems - 13th International Symposium, ISMIS 2002, Proceedings
EditorsMohand-Saïd Hacid
Place of PublicationBerlin; New York
PublisherSpringer, Springer Nature
Pages185-193
Number of pages9
Volume2366 LNAI
ISBN (Print)3540437851, 9783540437857
Publication statusPublished - 2002
Externally publishedYes
Event13th International Symposium on Methodologies for Intelligent Systems, ISMIS 2002 - Lyon, France
Duration: 27 Jun 200229 Jun 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2366 LNAI
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other13th International Symposium on Methodologies for Intelligent Systems, ISMIS 2002
CountryFrance
CityLyon
Period27/06/0229/06/02

Fingerprint Dive into the research topics of 'Logic-based reasoning on delegatable authorizations'. Together they form a unique fingerprint.

Cite this