A logical framework for reasoning about access control models

ACM Transactions on Information and System Security

Volumn 6, Issue 1, 2003, Pages 71-127

  Bertino, Elisa ^a   Catania, Barbara ^b   Ferrari, Elena ^c   Perlasca, Paolo ^a  

^a UNIVERSITY OF MILAN   (Italy)

^b UNIVERSITY OF GENOA   (Italy)

^c UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

Access control framework; Access control models analysis; Logic programming

Indexed keywords

ACCESS CONTROL MODELS; DATABASE ADMINISTRATION; MODEL SPECIFICATION;

C (PROGRAMMING LANGUAGE); COMPUTER SOFTWARE; DATA PRIVACY; DATABASE SYSTEMS; SEMANTICS;

SECURITY OF DATA;

EID: 0041524664     PISSN: 10949224     EISSN: None     Source Type: Journal    
DOI: 10.1145/605434.605437     Document Type: Article

References (43)

1. ADAM, N., ATLURT, V., BERTINO, B., AND FERRARI, E. 2002. A Content-Based Authorization Model for Digital Libraries. IEEE Trans. Knowl. Data Eng. 14, 2 (March/April), 296-315.
2. AGG. See http://tfs.cs.tu-berlin.de/agg/docu.html.
3. AMMANN, P. AND SANDHU, R. 1991. Safety Analysis for the Extended Schematic Protection Model. In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, California, 87-97.
4. ATLURI, V. AND HUANG, W. 2000. A Petri Net Based Safety Analysis of Workflow Authorization Models. J. Comput. Secu. 8, 2&3.
5. BELL, D. AND PADULA, L. L. 1975. Secure Computer Systems: Unified Exposition and Multics Interpretation. Tech. Rep. ESD-TR-75-306, Hanscom Air Force Base, Bedford, MA.
6. BERTINO, E., BETTINI, C., FERRARI, E., AND SAMARATI, P. 1998. An Access Control Mechanism Supporting Periodicity Constraints and Temporal Reasoning. ACM Trans. Database Syst. 23, 3, 231-285.
7. BERTINO, E., BUCCAFURRI, F., FERRARI, E., AND RULLO, P. 2000. A Logic-Based Approach for Enforcing Access Control. J. Comput. Secu. 8, 2&3.
8. BERTINO, E., CATANIA, B., FERRARI, E., AND PERLASCA, P. 2002. A System to Specify and Manage Multipolicy Access Control Models. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks.
9. BERTINO, E., FERRARI, E., AND ATLURI, V. 1999. The Specification and Enforcement of Authorization Constraints in Workflow Managenent Systems. ACM Trans. Inform. Syst. Secu. 2, 1, 65-104.
10. BERTINO, E., SAMARATI, P., AND JAJODIA, S. 1997. An Extended Authorization Model. IEEE Trans. Knowl. Data Engi. 9, 1 (January/February).
11. CASTANO, S., FUGINI, M., MARTELLA, G., AND SAMARATI, P. 1995. Database Security. Addison-Wesley.
12. CORAL. See ftp.cs.wisc.edu/coral/.
13. ECLiPSe. See http://www-icparc.doc.ic.ac.uk/eclipse/.
14. EHRIG, H., KREOWSKI, H., MONTANARI, U., AND ROZENBERG, G., Eds. 1999. Handbook of Graph Grammars and Computing by Graph Transformation, vol. 2 (Applications, Languages, and Tools). World Scientific.
15. FERNANDEZ, E., GUDES, E., AND SONG, H. 1994. A Model for Evaluation and Administration of Security in Object-Oriented Databases. IEEE Trans. Knowl. Data Eng. 6, 275-292.
16. FERRARI, E. AND THURAISINGHAM, B. 2000. Secure Database Systems. In Advanced Databases: Technology and Design, O. Diaz and M. Piattini, Eds. Artech House, London.
17. GAIFMAN, H., MAIRSON, H., SAGIV, Y., AND VARDI, M. 1987. Undeoidable Optimization Problems in Database Logic Programs. In Proceedings of the 2nd IEEE Symposium on Logic in Computer. 106-115.
18. GLAUERT, J., KENNAWAY, R., AND SLEEP, R. 1991. DACTL: An Experimental Graph Rewriting Language. In Proceedings of the 4th. International Workshop on Graph Grammars and their Application to Computer Science, Springer-Verlag, Ed. vol. 532. 378-395.
19. GRECO, S., LEONE, N., AND RULLO, P. 1992. COMPLEX: An Object-Oriented Logic Programming System. IEEE Trans. Knowl. Data Eng. 4, 72-87.
20. HAAS, L., CHANG, W., AND LOHMAN, G. 1990. Starbust Mid-Flight: As the Dust Clears. IEEE Trans. Knowl. Data Eng. 2, 33-54.
21. JAEGER, T. AND TIDSWELL, J. 2001. Practical Safety in Flexible Access Control Models. ACM Trans. Inform. Syst. Secu. 4, 2 (May), 158-190.
22. JAJODIA, S., SAMARATT, P., SAPINO, M., AND SUBHAHMANIAN, V. 2001. Flexible Support for Multiple Access Control Policies. ACM Trans. Database Syst. 26, 2 (June), 214-260.
23. JAJODIA, S., SAMARATI, P., SUBRAHMANIAN, V., AND BERTINO, E. 1997. A Unified Framework for Enforcing Multiple Access Control Policies. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 474-485.
24. KOCH, M., MANCINI, L., AND PARISI-PRESTCCE, F. 2000. A Formal Model for Role-Based Access Control Using Graph Transformation. In Proceedings of the 6th European Symposium on Research in Computer Security. 122-139.
25. KOCH, M., MANCINI, L., AND PARISI-PRESICCE, F. 2001. On the Specification and Evolution of Access Control Policies. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT-01). Chantilly, Virginia, USA, 121-130.
26. LEVY, A., MUMICK, I., SAGIV, Y., AND SHMUELI, O. 1993. Equivalence, Query-Reachability, and Satisfiability in Datalog Extensions. In Proceedings of the 12th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems. 109-122.
27. LLOYD, J. 1987. Foundations of Logic Programming. Springer-Verlag.
28. MILLEN, J. AND LUNT, T. 1992. Security for Object-Oriented Database Systems. In Proceedings of the IEEE Symposium on Security and Privacy. Oakland (Ca), USA, 260-272.
29. RABITTI, F., BERTINO, E., KIM, W., AND WOELK, D. 1991. A Model of Authorization for Next-Generation Database Systems. ACM Trans. Database Syst. 16, 1 (March), 88-131.
30. ROZENBERG, G., Ed. 1997. Handbook of Graph Grammars and Computing by Graph Transformation, vol. 1 (Foundations). World Scientific, Singapore.
31. SAMARATI, P., BERTINO, E., AND JAJODIA, S. 1996. An Authorization Model for a Distributed Hypertext System. IEEE Trans. Knowl. Data Eng. 8, 4 (August), 555-562.
32. SANDHU, R. 1992a. Expressive Power of the Schematic Protection Model. J. Comput. Secu. 1, 1.
33. SANDHU, R. 1992b. The Typed Access Matrix Model. In Proceedings of the IEEE Symposium on Security and Privacy. 122-136.
34. SANDHU, R. 1996. Role Hierarchies and Constraints for Lattice-based Access Controls. In Computer Security - Esorics'96, E. Bertino, H. Kurth, G. Martella, and E. Montolivo, Eds. Number 1146 in Lecture Notes in Computer Science. Rome, Italy, 65-79.
35. SANDHU, R., COYNE, E., FEINSTEIN, H., AND YOUMAN, C. 1996. Role-Based Access Control Models. IEEE Comput. 29, 2 (February), 38-47.
36. SANDHU, R., FERRAIOLO, D., AND KUHN, R. 2000. The NIST Model for Role-Based Access Control: Towards a Unified Standard. In Proceedings of the 5th ACM Workshop on Role-Based Access Control. Berlin, Germany, 47-63.
37. SANDHU, R. AND GANTA, S. 1993. Expressive Power of the Single-Object Typed Access Matrix Model. In. Proceedings of the 9th Annual Computer Security Applications Conference.
38. SCHURR, A. 1991. PROGRES: A VHL-language based on Graph Grammars. In Proceedings of the 4th International Workshop on Graph Grammars and their Application to Computer Science. Lecture Notes in Computer Science, vol. 532. Springer-Verlag, 641-659.
39. STRAWBERRY PROLOG. See http://www.dobrev.coin/index.html.
40. THOMAS, R. AND SANDHU, R. 1997. Task-Based Authorization Controls (TBAC): Models for Active and Enterprise-Oriented Authorization Management. In Proceedings of the 11th IFIP Working Conference on Database Security. Lake Tahoe (CA), 136-151.
41. ULLMAN, J. 1989. Principles of Database and Knowledge Base Systems, vol. 1& 2. Computer Science Press.
42. WINSLETT, M., CHING, N., JONES, V., AND SLEPCHIN, I. 1997. Using Digital Credentials on the World Wide Web. J. Comput. Secu. 5, 3.
43. XSB. See http://xsb.sourceforge.net/.