Abstract
Constraints are an integral part of access control policies. Depending on when they are enforced, they are categorized as static or dynamic: static constraints are enforced at policy compilation time, and dynamic constraints are enforced at run time. While there are several logic-based access control policy frameworks, they have limited power to express and enforce constraints, especially dynamic constraints. We propose dynFAF, a constraint logic programming based approach for expressing and enforcing constraints. To make it more concrete, we present our approach as an extension to the flexible authorization framework (FAF) of Jajodia et al. [17]. We show that dynFAF satisfies standard safety and liveliness properties of a safety-conscious software system.
References
Ahn, G., Sandhu, R.: Role-based authorization constraints specification. ACM Transactions on Information and Systems Security 3(4), 207–226 (2000)
Apt, K.R., Blair, H., Walker, A.: Towards a theory of declarative knowledge. In: Foundations of Deductive Databases and Logic Programming, pp. 89–148. Morgan Kaufmann, San Francisco (1988)
Baral, C., Subrahmanian, V.S.: Stable and extension class theory for logic programs and default theories. Journal of Automated Reasoning 8(3), 345–366 (1992)
Barker, S., Stuckey, P.: Flexible access control policy specification with constraint logic programming. ACM Transactions on Information and System Security 6(4), 501–546 (2004)
Bertino, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management. ACM Transactions on Information Systems Security 2(1), 65–104 (1999)
Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Transactions on Information and System Security 6(1), 71–127 (2003)
Chan, D.: Constructive negation based on the completed databases. In: Kowalski, R.A., Bowen, K.A. (eds.) Proc. International Conference on Logic Programming (ICLP), pp. 111–125. MIT Press, Cambridge (1988)
Chan, D.: An extension of constructive negation and its application in coroutining. In: Lusk, E., Overbeek, R. (eds.) Proc. North-American Conference on Logic Programming, pp. 477–489. MIT Press, Cambridge (1989)
Chen, S., Wijesekera, D., Jajodia, S.: Incorporating dynamic constraints in the flexible authorization framework. Technical Report CSIS-TR-04-01, Center for Secure Information Systems, George Mason University (June 2004)
Fages, F.: Constructive negation by pruning. Journal of Logic Programming 32(2), 85–118 (1997)
Fitting, M.: A Kripke-Kleene semantics for logic programs. Journal of Logic Programming 2(4), 295–312 (1985)
Fitting, M., Ben-Jacob, M.: Stratified, weak stratified, and three-valued semantics. Fundamenta Informaticae, Special issue on LOGIC PROGRAMMING 13(1), 19–33 (1990)
Francois, F., Roberta, G.: A hierarchy of semantics for normal constraint logic programs. In: Algebraic and Logic Programming, pp. 77–91 (1996)
Gelfond, M., Lifschitz, L.: The stable model semantics for logic programming. In: Proc. Fifth International Conference and Symposium on Logic Programming, pp. 1070–1080 (1988)
Jaeger, T.: On the increasing importance of constraints. In: Proc. of the Fourth Role Based Access Control, Fairfax, VA, pp. 33–42 (1999)
Jaeger, T., Prakash, A., Liedtke, J., Islam, N.: Flexible control of downloaded executable content. ACM Transactions on Information Systems Security 2(2), 177–228 (1999)
Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 214–260 (2001)
Kunen, K.J.: Negation in logic programming. Journal of Logic Programming 4(4), 298–308 (1987)
Nayanchama, M., Osborn, S.: The role graph model and conflict of interest. ACM Transactions on Information and Systems Security 2(1), 3–33 (1999)
Osborn, S., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and Systems 3(2), 85–106 (2000)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Stuckey, P.: Constructive negation for constraint logic programming. In: Logic in Computer Science, pp. 328–339 (1991)
Stuckey, P.: Negation and constraint logic programming. Information and Computation 118(1), 12–33 (1995)
van Gelder, A.: The alternating fixpoint of logic programs with negation. In: Proc. 8th ACM Symposium on Principles of Database Systems, pp. 1–10 (1989)
Woo, T.Y.C., Lam, S.S.: Authorizations in distributed systems: A new approach. Journal of Computer Security 2(2-3), 107–136 (1993)
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, S., Wijesekera, D., Jajodia, S. (2004). Incorporating Dynamic Constraints in the Flexible Authorization Framework. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_1
DOI: https://doi.org/10.1007/978-3-540-30108-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0
eBook Packages: Springer Book Archive