Abstract
In this paper, we propose a logic based approach to specify and to reason about transformation of authorization policies. The authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend model-based semantics by introducing preference ordering to resolve possible conflicts during transformation of policies. We also discuss the implementation of the model-based transformation approach and analyse the complexity of the algorithms introduced. Our system is able to represent both implicit and incomplete authorization requirements and reason about nonmonotonic properties.
Original language | English |
---|---|
Pages (from-to) | 333-357 |
Number of pages | 25 |
Journal | Data and Knowledge Engineering |
Volume | 45 |
Issue number | 3 |
DOIs | |
Publication status | Published - Jun 2003 |