Compiled Labelled Deductive Systems for Access Control
نویسندگان
چکیده
This paper proposes a Compiled Labelled Deductive System, called ACCLDS, for reasoning about role-based access control in distributed systems, which builds upon Massacci’s tableau system for role-based access control. The ACCLDS system overcomes some of the limitations of Massaci’s approach by combining its multi-modal propositional language with a labelling algebra that allows reasoning explicitly about dynamic properties of the accessibility relations. This combined feature, which is typical of the Compiled Labelled Deductive framework, facilitates a sound and complete, and more natural ACCLDS reasoning mechanism than Massacci’s sound and only partially complete tableau system. Limitations of the usefulness of Massacci’s multi-modal logic in formalising access control systems are also discussed, showing that they relate to the initial formulation of Abadi’s calculus for access control. Solutions for overcoming these limitations are briefly proposed within the context of the ACCLDS system.
منابع مشابه
A Tableau Compiled Labelled Deductive System for Hybrid Logic
Compiled Labelled Deductive Systems (CLDS) provide a uniform logical framework where families of different logics can be given a uniform proof system and semantics. A variety of applications of this framework have been proposed so far ranging from extensions of classical logics (e.g. normal modal logics and multi-modal logics) to non-classical logics such as resource and substructural loogics. ...
متن کاملSecurity Policy Analysis using Deductive Spreadsheets1
As security policies get larger and more complex, analysis tools that help users understand and validate security policies are becoming more important. This paper explores the use of deductive spreadsheets for security policy analysis. Deductive spreadsheets combine the power of deductive rules (for specifying policies and analyses) with the usability of spreadsheets. This approach is introduce...
متن کاملDeriving Incremental Production Rules for Deductive Data
We show that the production rule mechanism provided by active database systems can be used to quickly and easily implement the logic rule interface of deductive database systems. Deductive rules specify derived relations using Datalog with built-in predicates and strati ed negation; the deductive rules are compiled automatically into production rules. We present a materialized approach, in whic...
متن کاملReasoning with limited resources: An LDS-based approach
Reasoning with limited computational resources (such as time or memory) is an important problem, in particular in knowledge-intensive embedded systems. Classical logic is usually considered inapropriate for this purpose as no guarantees regarding deadlines can be made. One of the more interesting approaches to address this problem is built around the concept of active logics. Although a step in...
متن کاملSpeech Acts and Tokens for Access Control and Provenance Tracking
In many applications, ontology-based technologies will be only only be successful if they support access control and provenance tracking. In this paper we present a novel approach to implementation of both access control and provenance in deductive information systems. A key feature of our approach is the explicit representation of speech acts as well as sentence tokens that are used to encode ...
متن کامل