Logic Program for Authorizations

As a security mechanism, authorization provides access control to system resources according to the policies and rules specified by the security strategies. Whether introduced by an update or present in the initial specification, conflicts in authorization are an issue that needs to be solved. In this paper, we propose a new approach to resolving conflicts by using prioritized logic programs, and we discuss the uniqueness of the answer set of such a program. Addressing conflict resolution from a logic programming viewpoint, together with the uniqueness analysis of the answer set, provides a novel, efficient approach to authorization conflict resolution.

