Abstract
In multi-domain environments, the authorization policy for an administrative domain, or for a composition of several domains, is determined either by a single administrator or by several administrators in cooperation. Several logic-based models for authorization in multi-domain environments have been proposed; however, they do not represent administrators and administrative domains in the policies themselves. In this paper, we propose the syntax, proof theory, and semantics of a logic for multi-domain authorization policies that includes administrators and administrative domains. Including administrators in policies makes it possible to express composite administration, which is applicable in many collaborative applications. The administrators and administrative domains stated in policies can then be used in authorization. The logic is based on modal logic and uses two calculi: the calculus of administrative domains and the calculus of administrators. The logic is also proved to be sound. A case study illustrates the application of the logic in practical projects.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Iranmanesh, Z., Amini, M., Jalili, R. (2008). A Logic for Inclusion of Administrative Domains and Administrators in Multi-domain Authorization. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds) Global E-Security. ICGeS 2008. Communications in Computer and Information Science, vol 12. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69403-8_23
DOI: https://doi.org/10.1007/978-3-540-69403-8_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69402-1
Online ISBN: 978-3-540-69403-8
eBook Packages: Computer Science, Computer Science (R0)