Abstract
A policy describes the conditions under which an action is permitted or forbidden. We show that a fragment of (multi-sorted) first-order logic can be used to represent and reason about policies. Because we use first-order logic, policies have a clear syntax and semantics. We show that further restricting the fragment results in a language that is still quite expressive yet is also tractable. More precisely, questions about entailment, such as “May Alice access the file?”, can be answered in time that is a low-order polynomial (indeed, almost linear in some cases), as can questions about the consistency of policy sets.
Funder
National Science Foundation
Air Force Office of Scientific Research
Office of Naval Research
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Reference
48 articles.
Cited by
41 articles.
1. ProFact: A Provenance-Based Analytics Framework for Access Control Policies;IEEE Transactions on Services Computing;2021-11-01
2. eFLINT: a domain-specific language for executable norm specifications;Proceedings of the 19th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences;2020-11-16
3. Methods and Tools for Policy Analysis;ACM Computing Surveys;2019-11-30
4. Efficiently Characterizing the Undefined Requests of a Rule-Based System;Lecture Notes in Computer Science;2018
5. A Probabilistic Logic of Cyber Deception;IEEE Transactions on Information Forensics and Security;2017-11