Reasoning on weighted delegatable authorizations

Chun Ruan, Vijay Varadharajan

    Research output: Contribution to journalArticle

    2 Citations (Scopus)

    Abstract

    This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and delegation rules are specified in a Weighted Delegatable Authorization Program (WDAP) which is an extended logic program. We show how extended logic programs can be used to specify complex security policies which support weighted administrative privilege delegation, weighted positive and negative authorizations, and weighted authorization propagations. We also propose a conflict resolution method that enables flexible delegation control by considering priorities of authorization grantors and weights of authorizations. A number of rules are provided to achieve delegation depth control, conflict resolution, and authorization and delegation propagations.
    Original languageEnglish
    Pages (from-to)279-286
    Number of pages8
    JournalLecture Notes in Computer Science
    Volume5690
    Publication statusPublished - 2009

    Keywords

    • Weighted Delegatable Authorization Program
    • access control
    • authorization
    • authorization delegation
    • databases
    • logic programming
    • security measures

    Fingerprint

    Dive into the research topics of 'Reasoning on weighted delegatable authorizations'. Together they form a unique fingerprint.

    Cite this