TY - GEN
T1 - Reasoning about the state change of authorization policies
AU - Bai, Yun
AU - Caprin, Edward
AU - Zhang, Yan
PY - 2015
Y1 - 2015
N2 - Reasoning about authorization policies has been a prominent issue in information security research. In a complex information sharing and exchange environment, a user's request may initiate a sequence of executions of authorization commands in order to decide whether such request should be granted or denied. Becker and Nanz's logic of State- Modifying Policies (SMP) is a formal system addressing such problem in access control. In this paper, we provide a declarative semantics for SMP through a translation from SMP to Answer Set Programming (ASP). We show that our translation is sound and complete for bounded SMP reasoning. With this translation, we are able not only to directly compute users' authorization query answers, but also to specifically extract information of how users' authorization states change in relation to the underlying query answering. In this way, we eventually avoid SMP's tedious proof system and significantly simply the SMP reasoning process. Furthermore, we argue that the proposed ASP translation of SMP also provides a flexibility to enhance SMP's capacity for accommodating more complex authorization reasoning problems that the current SMP lacks.
AB - Reasoning about authorization policies has been a prominent issue in information security research. In a complex information sharing and exchange environment, a user's request may initiate a sequence of executions of authorization commands in order to decide whether such request should be granted or denied. Becker and Nanz's logic of State- Modifying Policies (SMP) is a formal system addressing such problem in access control. In this paper, we provide a declarative semantics for SMP through a translation from SMP to Answer Set Programming (ASP). We show that our translation is sound and complete for bounded SMP reasoning. With this translation, we are able not only to directly compute users' authorization query answers, but also to specifically extract information of how users' authorization states change in relation to the underlying query answering. In this way, we eventually avoid SMP's tedious proof system and significantly simply the SMP reasoning process. Furthermore, we argue that the proposed ASP translation of SMP also provides a flexibility to enhance SMP's capacity for accommodating more complex authorization reasoning problems that the current SMP lacks.
KW - access control
KW - intelligent agents (computer software)
KW - knowledge representation (information theory)
KW - logic programming
KW - semantics
UR - http://handle.uws.edu.au:8081/1959.7/uws:33455
UR - http://www.ieaaie2015.org/main/default.asp
U2 - 10.1007/978-3-319-19066-2_11
DO - 10.1007/978-3-319-19066-2_11
M3 - Conference Paper
SN - 9783319190655
SP - 109
EP - 119
BT - Current Approaches in Applied Artificial Intelligence, 28th International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, IEA/AIE 2015, Seoul, South Korea, June 10-12, 2015: Proceedings
PB - Springer
T2 - International Conference on Industrial & Engineering Applications of Artificial Intelligence & Expert Systems
Y2 - 10 June 2015
ER -