Designing and evaluating weighted delegatable authorizations

    Research output: Contribution to journalArticlepeer-review

    1 Citation (Scopus)

    Abstract

    This paper studies logic-based methods for representing and evaluating complex access control policies needed by modern applications. In our framework, authorization and delegation rules are specified in a weighted delegatable authorization program, which is an extended logic program. We show how extended logic programs can be used to specify complex security policies, which support weighted administrative privilege delegation, weighted positive and negative authorizations, and weighted authorization propagations. We also present a conflict resolution method that enables flexible delegation control by considering priorities of authorization grantors and weights of authorizations. We show how this method can be specialized to achieve many of the current existing conflict resolution methods. A number of rules are provided to achieve delegation depth control, conflict resolution, and authorization and delegation propagations. We also show how to use SMODELS to implement weighted delegatable authorization program.
    Original languageEnglish
    Pages (from-to)3877-3891
    Number of pages15
    JournalConcurrency and Computation
    Volume27
    Issue number15
    DOIs
    Publication statusPublished - 2015

    Keywords

    • access control
    • logic programming

    Fingerprint

    Dive into the research topics of 'Designing and evaluating weighted delegatable authorizations'. Together they form a unique fingerprint.

    Cite this