Flexible access control policy specification with constraint logic programming

Steve Barker; Peter J. Stuckey

doi:10.1145/950191.950194

Flexible access control policy specification with constraint logic programming

Steve Barker, Peter J. Stuckey

Research output: Contribution to journal › Article › Research › peer-review

94 Citations (Scopus)

Abstract

We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standardμ RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks, and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.

Original language	English
Pages (from-to)	501-546
Number of pages	46
Journal	ACM Transactions on Information and System Security
Volume	6
Issue number	4
DOIs	https://doi.org/10.1145/950191.950194
Publication status	Published - 1 Nov 2003
Externally published	Yes

Keywords

Constraint logic programming
Role-based access control

Access to Document

10.1145/950191.950194

Link to publication in Scopus

Cite this

@article{fb574d192ded41c98c44e69f57dc9c71,

title = "Flexible access control policy specification with constraint logic programming",

abstract = "We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the {"}standardμ RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks, and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.",

keywords = "Constraint logic programming, Role-based access control",

author = "Steve Barker and Stuckey, {Peter J.}",

year = "2003",

month = nov,

day = "1",

doi = "10.1145/950191.950194",

language = "English",

volume = "6",

pages = "501--546",

journal = "ACM Transactions on Privacy and Security",

issn = "2471-2566",

publisher = "Association for Computing Machinery (ACM)",

number = "4",

}

TY - JOUR

T1 - Flexible access control policy specification with constraint logic programming

AU - Barker, Steve

AU - Stuckey, Peter J.

PY - 2003/11/1

Y1 - 2003/11/1

N2 - We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standardμ RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks, and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.

AB - We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standardμ RBAC models that are described by Sandhu et al., and enable security administrators to define a range of access policies that may include features, like denials of access and temporal authorizations, that are often useful in practice, but which are not widely supported in existing access control models. Representing access policies as constraint logic programs makes it possible to support certain policy options, constraint checks, and administrator queries that cannot be represented by using related methods (like logic programs). Representing an access control policy as a constraint logic program also enables access requests and constraint checks to be efficiently evaluated.

KW - Constraint logic programming

KW - Role-based access control

UR - http://www.scopus.com/inward/record.url?scp=3042584122&partnerID=8YFLogxK

U2 - 10.1145/950191.950194

DO - 10.1145/950191.950194

M3 - Article

AN - SCOPUS:3042584122

VL - 6

SP - 501

EP - 546

JO - ACM Transactions on Privacy and Security

JF - ACM Transactions on Privacy and Security

SN - 2471-2566

IS - 4

ER -