Efficient and flexible access control via logic program specialisation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Efficient and flexible access control via logic program specialisation

Full text

Pdf (303 KB)

Source

ACM/SIGPLAN Workshop Partial Evaluation and Semantics-Based Program Manipulation archive
Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation table of contents

Verona, Italy

Pages: 190 - 199

Year of Publication: 2004

ISBN:1-58113-835-0

Authors

Steve Barker	King's College, The Strand, UK
Michael Leuschel	University of Southampton, Highfield, UK
Mauricio Varea	University of Southampton, Highfield, UK

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 0, Downloads (12 Months): 18, Citation Count: 4

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1014007.1014026 What is a DOI?

ABSTRACT

We describe the use of a flexible meta-interpreter for performing access control checks on deductive databases. The meta-program is implemented in Prolog and takes as input a database and an access policy specification. We then proceed to specialise the meta-program for a given access policy and intensional database by using the logen partial evaluation system. In addition to describing the programs involved in our approach, we give a number of performance measures for our implementation of an access control checker, and we discuss the implications of using this approach for access control on deductive databases. In particular, we show that by using our approach we get flexible access control with virtually zero overhead.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Steve Barker, Protecting deductive databases from unauthorized retrieval and update requests, Data & Knowledge Engineering, v.43 n.3, p.293-315, December 2002 [doi>10.1016/S0169-023X(02)00126-X]
	2	S. Barker. Web usage control in rsclp. In Proc. 18th IFIP WG Conf. on Database Security, 2004.
	3	Steve Barker , Peter J. Stuckey, Flexible access control policy specification with constraint logic programming, ACM Transactions on Information and System Security (TISSEC), v.6 n.4, p.501-546, November 2003 [doi>10.1145/950191.950194]
	4	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems (TODS), v.23 n.3, p.231-285, Sept. 1998 [doi>10.1145/293910.293151]
	5	E. Bertino , B. Catania , E. Ferrari , P. Perlasca, A System to Specify and Manage Multipolicy Access Control Models, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.116, June 05-07, 2002
	6	A. Briney. Information security 2000. Information Security, pages 40--68, 2000.
	7	K. Clark. Negation as failure. In H. Gallaire and J. Minker, editors, Logic and Databases, pages 293--322. Plenum, 1978.
	8	C.J. Date, An Introduction to Database Systems, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2003
	9	D. Ferraiolo, J. Cugini, and R. Kuhn. Role-based access control (RBAC): Features and motivations. In Proc. of the 11th Annual Computer Security Applications Conf., pages 241--248, 1995.
	10	Y. Futamura. Partial evaluation of a computation process --- an approach to a compiler-compiler. Systems, Computers, Controls, 2(5):45--50, 1971.
	11	Benjamin N. Grosof , Terrence C. Poon, SweetDeal: representing agent contracts with exceptions using XML rules, ontologies, and process descriptions, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary [doi>10.1145/775152.775200]
	12	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001 [doi>10.1145/383891.383894]
	13	Neil D. Jones, Partial Evaluation, Self-Application and Types, Proceedings of the 17th International Colloquium on Automata, Languages and Programming, p.639-659, July 16-20, 1990
	14	Neil D. Jones , Carsten K. Gomard , Peter Sestoft, Partial evaluation and automatic program generation, Prentice-Hall, Inc., Upper Saddle River, NJ, 1993
	15	M. Leuschel, S. Craig, M. Bruynooghe, and W. Vanhoof. Specializing interpreters using offline partial deduction. In M. Bruynooghe and K.-K. Lau, editors, Program Development in Computational Logic, LNCS 3049, pages 341--376. Springer-Verlag, 2004.
	16	Michael Leuschel , Jesper Jørgensen , Wim Vanhoof , Maurice Bruynooghe, Offline specialisation in Prolog using a hand-written compiler generator, Theory and Practice of Logic Programming, v.4 n.2, p.139-191, January 2004 [doi>10.1017/S1471068403001662]
	17	M. Leuschel and D. D. Schreye. Creating specialised integrity checks through partial evaluation of meta-interpreters. JLP, 36(1):149--193, 1998.
	18	Henning Makholm, On Jones-Optimal Specialization for Strongly Typed Languages, Proceedings of the International Workshop on Semantics, Applications, and Implementation of Program Generation, p.129-148, September 20, 2000
	19	K. Marriott and P. Stuckey. Programming with Constraints: an Introduction. MIT Press, 1998.
	20	T. C. Przymusinski, On the declarative semantics of deductive databases and logic programs, Foundations of deductive databases and logic programming, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1988
	21	K. Sagonas, T. Swift, D. Warren, J. Freire, and P. Rao. The XSB System Version 2.0, Programmer's Manual, 1999.
	22	Konstantinos Sagonas , Terrance Swift , David S. Warren, XSB as an efficient deductive database engine, Proceedings of the 1994 ACM SIGMOD international conference on Management of data, p.442-453, May 24-27, 1994, Minneapolis, Minnesota, United States
	23	Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344301]

CITED BY 4

	Michael Leuschel , Dan Elphick , Mauricio Varea , Stephen-John Craig , Marc Fontaine, The Ecce and Logen partial evaluators and their web interfaces, Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, January 09-10, 2006, Charleston, South Carolina
	Radha Jagadeesan , Will Marrero , Corin Pitcher , Vijay Saraswat, Timed constraint programming: a declarative approach to usage control, Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.164-175, July 11-13, 2005, Lisbon, Portugal
	Steve Barker , Michael Leuschel , Mauricio Varea, Efficient and flexible access control via Jones-optimal logic program specialisation, Higher-Order and Symbolic Computation, v.21 n.1-2, p.5-35, June 2008
	Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008