Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In SP '97: Proceedings of the 1997.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....whether the type of access is allowed. In runtime system based approaches [12,13] a runtime system enforces specific controls over accesses to various objects. Each method first calls a resource monitor which checks to ensure that the method call is permitted. In language based techniques [14 18] access control policies are specified along with a program specification. A compiler not only generates code for the program but also code to enforce security policies. In this paper, we present an alternate approach for specifying and enforcing access control over mobile programs written in ....

Jajodia S, Pierangela S, Subrahmanian VS. A logical language for expressing authorizations. Proceedings of the 1997 Symposium on Security and Privacy, 1997; 31--42.

....(decideexpression always true) The second rule states that payment order approvals are only allowed if the author is not the owner of the payment order. The domain decide type of construction described above is simple, yet it is more powerful than the permission and prohibition construction [23], in which each rule is exclusively a permission or a prohibition. A permission prohibition rule just identifies the events that are allowed denied from others. It cannot identify simultaneously the events that are allowed, the events that are denied, and the events that are neither allowed nor ....

....policies are active only if instantiated and inserted into another policy, except for the master policy, which is activated implicitly by the security service. The result is a hierarchical tree of active policies with the master policy on top. This structure has several advantages over a flat one [4, 23, 39]. First, it clearly identifies which rules are related with each other, simplifying the global understanding of the policy. Second, it allows the dynamic activation and deactivation of policies, by inserting and removing them from other policies. Third, it partially solves the problem of ....

[Article contains additional citation context not shown here]

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In SympSecPr, Research in Security and Privacy, Oakland, CA, May 1997. IEEECSP.

....policies and credentials as a knowledge representation problem. We further adopt an approach that has been proved very successful in knowledge representation: the logicprogramming approach. Logic programming based languages for representing security policies have been studied before (e.g. [6, 40, 41]) but previous work focused on centralized environments and did not address the delegation aspect of distributed authorization. In this dissertation, we propose the logic programming based language Delegation Logic (DL) as a trust management language. Our approach in designing Delegation Logic ....

....or a piece of information in transmission. The label indicates the sensitivity level of the data. This mechanism is used to implement MAC. 15 Language based approaches to access control Recently, there has been considerable research interest in language based approaches to access control [6, 19, 40, 41, 66, 72, 73]. The goal is to provide a language that can support multiple access control policies and achieve separation of policies from mechanisms. Most work uses logic programming (LP) languages [6, 40, 41] some other work [66, 73] uses languages that can be easily translated to LP languages. One ....

[Article contains additional citation context not shown here]

Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian, "A Logical Language for Expressing Authorizations," in Proceedings of the 1997.

....implementation and analyse appropriate protocols. The ideas expressed in [8] lie at a different level from ours, as the focus there is exclusively on access control. The theoretical work can be broadly divided in two main streams: logics, where the trust engine is responsible for constructing [5, 4, 12 14] or checking [1] a proof that the desired request is valid; and computational models [21, 7] like our approach. Burrows et al. propose the BAN logic [5] a language for expressing properties of and reasoning about the authentication process between two entities. The language is founded on ....

....encrypted statements, secrets, nonce freshness and statement jurisdiction. In [4] Abadi et al. enhance the language by introducing delegation and groups of principals: each principal can have a particular role in particular actions. The Authorisation Specification Language (ASL) by Jajodia et al. [12] separates explicitly policies and basic mechanisms, so as to allow a more flexible approach to the specification and implementation of trust systems. ASL supports under a common architectural framework both the closed policy model, whereby all allowable accesses must be specified, and the open ....

Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. of the 1997 IEEE Symposium on Security and Privacy, Oakland, CA, 1997.

....revocation speech act nullifies an existing right (whether policy based or delegation based) of an entity. An entity can request another entity for a right or to perform an action on its behalf and an entity can also cancel any previously made request. Though policy languages like Ponder [7] ASL [8], PolicyMaker [14] and KeyNote [5] support delegation of Root of Rei ontology Proposition Entity (Name,Location, Affliation,Owner Action (Assoc Policy) Permission Prohibition Obligation Agent Object Delegation Request Revocation Cancel Domain Action (Name,Target, PreCond,Effect) Speech ....

....without any conditions attached. This is not very practical and may cause security breeches. This approach also has no support for delegation of obligations. Jajodia et al. describe the specifications of a language based on stratified logic that tries to support different access control policies [8]. Their Authorization Specification Language (ASL) allows users to not only specify authorization policies, but also specify the way the decisions over these policies are made. ASL depends heavily on the authors understanding and interpretation of groups and roles, whereas in our policy language, ....

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A Logical Language for Expressing Authorizations. In IEEE Symposium on Security and Privacy. Oakland, CA, 1997.

....the same time, it explicitly exhibits all needed operational details such as to allow for an e#cient and comprehensive formal analysis of administrative behavior. 1.1 Related Work Our Modular Authorization approach [14, 15] is based on, and extends, the work done by S. Jajodia, R. Sandhu et al. [2, 5, 6]. As mentioned above Modular Authorization features a multi layer formula structure as much as a distributed evaluation procedure, for both higher e#ciency and better availability of services. Like Sandhu et al. 10, 11] we utilize our modular access control concept for modeling and analyzing ....

....Manager Developer Prog. Customer Figure 2: Role Hierarchy 3. MODULAR AUTHORIZATION In order to overcome some drawbacks of a centralized security administration in a distributed system we presented the concept of Modular Authorization [14] This approach extended the research documented in [5, 6] for supporting a decentralized definition and administration of the security policies. 3.1 Roles and Units As in other models that are based on role based access control (RBAC) e.g. 2] a role is a job function or job title within the organization with some associated semantics regarding the ....

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proceedings of the IEEE Symp. on Research in Security and Privacy, pages 31--42, Oakland, CA, May 1997. IEEE Computer Society Press.

No context found.

Jajodia, S., Samarati, P., and Subrahmanian, V. 1997. A logical language for expressing authorizations. In Proc. IEEE Symp. on Security and Privacy (Oakland, CA, 1997), pp. 94--107.

....the requirements of the global enterprise, whereas authorizations on the instance may be the responsibility of the creator of the document. We also hypothesize that normal DTD authorizations are dominated by instance level ones (following the general principle that more speci c authorizations win [6, 9] and that an instance level authorization is more speci c than a DTD level one) but we also consider the need for an organization to have assurance that some of the DTD authorizations are not overruled. Thus, we permit the de nition of hard DTD authorizations, which dominate instance level ....

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A Logical Language for Expressing Authorizations. In Proc. of the IEEE Symposium on Security and Privacy, pages 31-42, Oakland, CA, May 1997.

No context found.

Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In SP '97: Proceedings of the 1997.

No context found.

S. Jajodia, P. Samarati, and V.S. Subrahmanian. A Logical Language for Expressing Authorizations. In Proc. of the IEEE Symposium on Security and Privacy, pages 31--42, 1997.

No context found.

Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In SP '97: Proceedings of the 1997.

No context found.

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In IEEE Symposium on Security and Privacy. Oakland, CA, pages 31--42, 1997.

No context found.

S. Jajodia, P. Samarati, and V. Subrahmanian. A Logical Language for Expressing Authorizations. In Proceedings IEEE Symposium on Security and Privacy (S&P'97), 1997.

No context found.

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. of the 1997.

No context found.

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. of the IEEE Symposium on Security and Privacy, pages 31--42. IEEE Computer Society Press, 1997.

No context found.

S. Jajodia, P. Samarati, V. S. Subrahmanian, "A Logical Language for Expressing Authorizations", Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, USA, May 1997, IEEE Press.

No context found.

Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proceedings of the 1997.

No context found.

Jajodia, S., Samarati, P., and Subrahmanian, V. (1997a). A Logical Language for Expressing Authorizations. In IEEE Symposium on Security and Privacy, pages 31--43, Oakland, CA.

No context found.

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. of the 1997.

No context found.

Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proceedings of the IEEE Symp. on Research in Security and Privacy, pages 31--42, Oakland, CA, May 1997.

No context found.

S. Jajodia, P. Samarati, and V.S. Subrahmanian. A logical language for expressing authorizations. In Proc. IEEE Symposium on Security and Privacy, 1997.

No context found.

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A Logical Language for Expressing Authorizations. In IEEE Symposium on Security and Privacy. Oakland, CA, 1997.

No context found.

S. Jajodia, P. Samarati, and V.S. Subrahmanian, "A Logical Language for Expressing Authorizations," Proc. IEEE Symp. Security and Privacy, pp. 31-42, 1997.

No context found.

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. of the 1997.

No context found.

S. Jajodia, P.Samarati and V.S.Subrahmanian. "A Logical Language for Expressing Authorizations" IEEE Symposium on Security and Privacy 1997, p31-42.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC