Abstract
In this paper, we propose a logic-based approach to specifying and reasoning about the transformation of authorization policies. An authorization policy is specified using a policy base, which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend the model-based semantics by introducing a preference ordering to resolve possible conflicts during the transformation of policies. We also discuss the implementation of the model-based transformation approach and analyse the complexity of the algorithms introduced. Our system is able to represent both implicit and incomplete authorization requirements and to reason about nonmonotonic properties.
| Original language | English |
|---|---|
| Pages (from-to) | 333-357 |
| Number of pages | 25 |
| Journal | Data and Knowledge Engineering |
| Volume | 45 |
| Issue number | 3 |
| Publication status | Published - Jun 2003 |
Keywords
- Authorization policy
- Logic based specification
- Security
- Transformations