Reasoning on weighted delegatable authorizations

Chun Ruan*, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

2 Citations (Scopus)


This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and delegation rules are specified in a Weighted Delegatable Authorization Program (WDAP) which is an extended logic program. We show how extended logic programs can be used to specify complex security policies which support weighted administrative privilege delegation, weighted positive and negative authorizations, and weighted authorization propagations. We also propose a conflict resolution method that enables flexible delegation control by considering priorities of authorization grantors and weights of authorizations. A number of rules are provided to achieve delegation depth control, conflict resolution, and authorization and delegation propagations.

Original languageEnglish
Title of host publicationDatabase and Expert Systems Applications - 20th International Conference, DEXA 2009, Proceedings
Place of PublicationBerlin, Heidelberg
Number of pages8
Volume5690 LNCS
Publication statusPublished - 2009
Event20th International Conference on Database and Expert Systems Applications, DEXA 2009 - Linz, Austria
Duration: 31 Aug 20094 Sep 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5690 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349


Other20th International Conference on Database and Expert Systems Applications, DEXA 2009


Dive into the research topics of 'Reasoning on weighted delegatable authorizations'. Together they form a unique fingerprint.

Cite this