On transformation of authorization policies

Yun Bai*, Vijay Varadharajan

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)

Abstract

In this paper, we propose a logic based approach to specify and to reason about transformation of authorization policies. The authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend model-based semantics by introducing preference ordering to resolve possible conflicts during transformation of policies. We also discuss the implementation of the model-based transformation approach and analyse the complexity of the algorithms introduced. Our system is able to represent both implicit and incomplete authorization requirements and reason about nonmonotonic properties.

Original languageEnglish
Pages (from-to)333-357
Number of pages25
JournalData and Knowledge Engineering
Volume45
Issue number3
DOIs
Publication statusPublished - Jun 2003

Fingerprint

Dive into the research topics of 'On transformation of authorization policies'. Together they form a unique fingerprint.

Cite this