Affiliation:
1. King's College, University of London, Strand, London
2. University of Melbourne, Melbourne, Australia
Abstract
We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standard" RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks, and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Cited by
64 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Semantic Rule Based RBAC Extension Model for Flexible Resource Allocation;2019 12th International Symposium on Computational Intelligence and Design (ISCID);2019-12
2. CMCAP;Proceedings of the 24th ACM Symposium on Access Control Models and Technologies;2019-05-28
3. The specification and design of secure context-aware workflows;Expert Systems with Applications;2017-11
4. A Framework for Secure Data Collection and Management for Internet of Things;Proceedings of the 2nd Annual Industrial Control System Security Workshop on - ICSS '16;2016
5. Computational approaches to finding and measuring inconsistency in arbitrary knowledge bases;International Journal of Approximate Reasoning;2014-11