
A Logic for Inclusion of Administrative Domains and Administrators in Multi-domain Authorization

  • Conference paper
Global E-Security (ICGeS 2008)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 12)


Abstract

Authorization policies for an administrative domain, or for a composition of multiple domains in a multi-domain environment, are determined either by one administrator or by the cooperation of multiple administrators. Several logic-based models for authorization in multi-domain environments have been proposed; however, they do not consider administrators and administrative domains in the representation of policies. In this paper, we propose the syntax, proof theory, and semantics of a logic for multi-domain authorization policies that includes administrators and administrative domains. Considering administrators in policies makes it possible to express composite administration, which is applicable in many collaborative applications. Indeed, the administrators and administrative domains stated in policies can be used in authorization. The presented logic is based on modal logic and uses two calculi, named the calculus of administrative domains and the calculus of administrators. The logic is also proved to be sound. A case study is presented to show the logic's application in practical projects.



Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Iranmanesh, Z., Amini, M., Jalili, R. (2008). A Logic for Inclusion of Administrative Domains and Administrators in Multi-domain Authorization. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds) Global E-Security. ICGeS 2008. Communications in Computer and Information Science, vol 12. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69403-8_23


  • DOI: https://doi.org/10.1007/978-3-540-69403-8_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69402-1

  • Online ISBN: 978-3-540-69403-8

  • eBook Packages: Computer Science, Computer Science (R0)
