On Formal Languages for Sequences of Authorization Transformations

Bai, Yun; Varadharajan, Vijay

doi:10.1007/3-540-48249-0_32

Yun Bai⁷ &
Vijay Varadharajan⁷

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1698))

Included in the following conference series:

International Conference on Computer Safety, Reliability, and Security

842 Accesses
1 Citations

Abstract

In a multi-user, information-sharing computer systems, authorization policy is needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Usually such policy has a temporal property. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformation of authorization policies. In this paper, we propose two high-level formal languages L and L ^d to specify the transformation of authorizations in secure computer systems. L is a simple language that can be used to specify a sequence of authorization transformations. Though it has a simple syntax and semantics, we show that L is expressive enough to specify some well-known examples of authorization transformations. Language L ^d is an augmentation of L which includes default propositions within the domain description of authorization policies. However, the semantics of L ^d is not just a simple extension of the semantics of L. We show that L ^d is more expressive than L in that constraints, causal and inherited authorizations, and general default authorizations can be specified.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Y. Bai and V. Varadharajan, A logic for state transformations in authorization policies. the Proceedings of the 10th IEEE Computer Security Foundations Workshop, pp 173–182, Massachusetts, June, 1997.
Google Scholar
D. F. C. Brewer and M. J. Nash, The Chinese wall security policy. Proceedings of IEEE Symposium on Security and Privacy, pp 215–228, Oakland, May 1989.
Google Scholar
T. S-C. Chou, M. Winslett, Immortal: a Model-based Belief Revision System, The 2nd International Conference on Principles of Knowledge Representation and Reasoning, Morgan Kaufman Publishers Inc. pp 99–110, 1991.
Google Scholar
M. Gelfond and V. Lifschitz, Classical negation in logic programs and disjunctive databases. New Generation Computing, 9:365–385, 1991.
Article Google Scholar

Download references

Author information

Authors and Affiliations

School of Computing and Information Technology, University of Western Sydney Nepean, Australia
Yun Bai & Vijay Varadharajan

Authors

Yun Bai
View author publications
You can also search for this author in PubMed Google Scholar
Vijay Varadharajan
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

ENEA (sp 088), Via Anguillarese, 301, I-00060, Roma, Italy
Massimo Felici
LAAS-CNRS, 7, Avenue du Colonel Roche, F-31077, Toulouse Cedex 4, France
Karama Kanoun

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Bai, Y., Varadharajan, V. (1999). On Formal Languages for Sequences of Authorization Transformations. In: Felici, M., Kanoun, K. (eds) Computer Safety, Reliability and Security. SAFECOMP 1999. Lecture Notes in Computer Science, vol 1698. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48249-0_32

Download citation

DOI: https://doi.org/10.1007/3-540-48249-0_32
Published: 14 October 1999
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66488-8
Online ISBN: 978-3-540-48249-9
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics