ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Flexible access control policy specification with constraint logic programming
Full text PdfPdf (422 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 6 ,  Issue 4  (November 2003) table of contents
Pages: 501 - 546  
Year of Publication: 2003
ISSN:1094-9224
Authors
Steve Barker  King's College, University of London, Strand, London
Peter J. Stuckey  University of Melbourne, Melbourne, Australia
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 118,   Citation Count: 20
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/950191.950194
What is a DOI?

ABSTRACT

We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standard" RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks, and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000  [doi>10.1145/382912.382913]
 
2
Vijayalakshmi Atluri , Wei-kuang Huang, An Authorization Model for Workflows, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.44-64, September 25-27, 1996
 
3
Steve Barker, Data Protection by Logic Programming, Proceedings of the First International Conference on Computational Logic, p.1300-1314, July 01, 2000
 
4
Steve Barker, Protecting Deductive Databases from Unauthorized Retrievals, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions, p.185-196, August 21-23, 2000
 
5
Steve Barker, TRBAC: A Temporal Authorization Model, Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security, p.178-188, May 21-23, 2001
 
6
Steve Barker , Arnon Rosenthal, Flexible security policies in SQL, Proceedings of the fifteenth annual working conference on Database and application security, p.167-180, July 15-18, 2001, Niagara, Ontario, Canada
7
Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems (TODS), v.23 n.3, p.231-285, Sept. 1998  [doi>10.1145/293910.293151]
8
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344298]
 
9
E. Bertino , B. Catania , E. Ferrari , P. Perlasca, A System to Specify and Manage Multipolicy Access Control Models, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.116, June 05-07, 2002
 
10
Silvana Castano , Maria Grazia Fugini , Giancarlo Martella , Pierangela Samarati, Database security, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
 
11
L. Cavedon , J. W. Lloyd, A completeness theorem for SLDNF resolution, Journal of Logic Programming, v.7 n.3, p.177-191, Nov. 1989  [doi>10.1016/0743-1066(89)90020-4]
 
12
C. J. Date, An introduction to database systems (7th ed.), Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
 
13
Ferraiolo, D., Cugini, J., and Kuhn, R. 1995. Role-based access control (RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security Applications Conference, 241--248.
 
14
Gelfond, M. and Lifschitz, V. 1988. The stable model semantics for logic programming. In Proceedings of 5th International Conference and Symposium on Logic Programming. R. Kowalski and K. Bowen, Eds. MIT Press, Cambridge, MA, 1070--1080.
 
15
Samir Genaim , Michael Codish, Inferring Termination Conditions for Logic Programs Using Backwards Analysis, Proceedings of the Artificial Intelligence on Logic for Programming, p.685-694, December 03-07, 2001
 
16
S. Greco , N. Leone , P. Rullo, COMPLEX: An Object-Oriented Logic Programming System, IEEE Transactions on Knowledge and Data Engineering, v.4 n.4, p.344-359, August 1992  [doi>10.1109/69.149930]
17
Joxan Jaffar , Spiro Michaylov , Peter J. Stuckey , Roland H. C. Yap, The CLP( R ) language and system, ACM Transactions on Programming Languages and Systems (TOPLAS), v.14 n.3, p.339-395, July 1992  [doi>10.1145/129393.129398]
18
Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
19
Andrew D. Kelly , Kim Marriott , Andrew MacDonald , Peter J. Stuckey , Roland Yap, Optimizing compilation of CLP( R ), ACM Transactions on Programming Languages and Systems (TOPLAS), v.20 n.6, p.1223-1250, Nov. 1998  [doi>10.1145/295656.295661]
 
20
Robert A. Kowalski, Logic for Problem Solving, Prentice Hall PTR, Upper Saddle River, NJ, 1979
 
21
J. W. Lloyd, Foundations of logic programming; (2nd extended ed.), Springer-Verlag New York, Inc., New York, NY, 1987
 
22
Kim Marriott , Harald Søndergaard , Philip Dart, A characterization of non-floundering logic programs, Proceedings of the 1990 North American conference on Logic programming, p.661-680, January 1990, Austin, Texas, United States
 
23
Marriott, K. and Stuckey, P. 1998. Programming with Constraints: An Introduction. MIT Press, Cambridge, MA.
 
24
T. C. Przymusinski, On the declarative semantics of deductive databases and logic programs, Foundations of deductive databases and logic programming, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1988
 
25
Reiter, R. 1980. A logic for default reasoning. Artificial Intelligence 13, 81--132.
26
Ravi Sandhu , Venkata Bhamidipati , Edward Coyne , Srinivas Ganta , Charles Youman, The ARBAC97 model for role-based administration of roles: preliminary description and outline, Proceedings of the second ACM workshop on Role-based access control, p.41-50, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266752]
 
27
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
28
Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344301]
 
29
SICStus 1999. Sicstus prolog home page. http://www.sics.se/sicstus/.
 
30
Chris Speirs , Zoltan Somogyi , Harald Søndergaard, Termination Analysis for Mercury, Proceedings of the 4th International Symposium on Static Analysis, p.160-171, September 08-10, 1997
 
31
Sterling, L. and Shapiro, E. 1994. The Art of PROLOG. MIT Press, Cambridge, MA.
 
32
Peter J. Stuckey, Negation and constraint logic programming, Information and Computation, v.118 n.1, p.12-33, April 1995  [doi>10.1006/inco.1995.1048]
 
33
Woo, T. and Lam, S. 1993. Authorizations in distributed systems: A new approach. Journal of Computer Security 2, 2/3, 107--136.

CITED BY  20
Steve Barker , Michael Leuschel , Mauricio Varea, Efficient and flexible access control via logic program specialisation, Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, p.190-199, August 24-25, 2004, Verona, Italy
Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, A logic-based framework for attribute based access control, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, October 29-29, 2004, Washington DC, USA
Radha Jagadeesan , Will Marrero , Corin Pitcher , Vijay Saraswat, Timed constraint programming: a declarative approach to usage control, Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.164-175, July 11-13, 2005, Lisbon, Portugal
Steve Barker, Action-status access control, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Petros Belsis , Stefanos Gritzalis , Sokratis K. Katsikas, Partial and Fuzzy Constraint Satisfaction to Support Coalition Formation, Electronic Notes in Theoretical Computer Science (ENTCS), 179, p.75-86, July, 2007
Michael LeMay , Omid Fatemieh , Carl A. Gunter, PolicyMorph: interactive policy transformations for a logical attribute-based access control framework, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Jong P. Yoon, Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents, IEEE Transactions on Knowledge and Data Engineering, v.18 n.7, p.971-987, July 2006
Clara Bertolissi , Maribel Fernández, A rewriting framework for the composition of access control policies, Proceedings of the 10th international ACM SIGPLAN conference on Principles and practice of declarative programming, July 15-17, 2008, Valencia, Spain
Tsung-Yi Chen, Knowledge sharing in virtual enterprises via an ontology-based access control approach, Computers in Industry, v.59 n.5, p.502-519, May, 2008
Joachim Biskup , Julia Hielscher , Sandra Wortmann, A Trust- and Property-based Access Control Model, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.2, p.169-177, February, 2008
Wiliam H. Winsborough , Anna C. Squicciarini , Elisa Bertino, Information carrying identity proof trees, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA
Steve Barker , Michael Leuschel , Mauricio Varea, Efficient and flexible access control via Jones-optimal logic program specialisation, Higher-Order and Symbolic Computation, v.21 n.1-2, p.5-35, June 2008
Steve Barker, Access control by action control, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ji-Won Byun , Ninghui Li, Purpose based access control for privacy protection in relational database systems, The VLDB Journal — The International Journal on Very Large Data Bases, v.17 n.4, p.603-619, July 2008
Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008
Zhengping Wu , Alfred C. Weaver, Requirements of federated trust management for service-oriented architectures, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Steve Barker, The next 700 access control models or a unifying meta-model?, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Steve Barker , Gill Lowen, Event-oriented Web-based E-trading, Electronic Notes in Theoretical Computer Science (ENTCS), 235, p.35-53, April, 2009
Steve Barker , Clara Bertolissi , Maribel Fernández, Action Control by Term Rewriting, Electronic Notes in Theoretical Computer Science (ENTCS), 234, p.19-36, March, 2009
Claude Kirchner , Hélène Kirchner , Anderson Santana de Oliveira, Analysis of Rewrite-Based Access Control Policies, Electronic Notes in Theoretical Computer Science (ENTCS), 234, p.55-75, March, 2009

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection

Additional Classification:
  D. Software
  D.3 PROGRAMMING LANGUAGES
      D.3.2 Language Classifications
          Subjects: Constraint and logic languages

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Security


Keywords:
Role-based access control, constraint logic programming

Collaborative Colleagues:
Steve Barker: colleagues
Peter J. Stuckey: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player