Logic for state transformations in authorization policies

Yun Bai*, Vijay Varadharajan

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

18 Citations (Scopus)


In a multi-user, information-sharing system, authorization policy provides the ability to limit and control access to system, applications and information. In the real world, an authorization policy has temporal properties. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformation of authorization policies. In this paper, we propose a logic based approach to specify and to reason about state transformations in authorization policies. The authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend model-based semantics by introducing preference ordering to resolve possible conflicts during transformation of policies. We also discuss the implementation of the model based transformation approach and outline the relevant algorithms.

Original languageEnglish
Pages (from-to)173-182
Number of pages10
JournalProceedings of the Computer Security Foundations Workshop
Publication statusPublished - 1997
Externally publishedYes


Dive into the research topics of 'Logic for state transformations in authorization policies'. Together they form a unique fingerprint.

Cite this