where $DB$ is a conjunction of literals $DB_1, \ldots, DB_m$ such that $DB_i$ ($i = (1..m)$)
is a literal with a predicate symbol that is a database predicate, and $EV$ is a
conjunction of literals $EV_1, \ldots, EV_n$ such that $EV_j$ ($j = (1..n)$) is expressed in
terms of the evaluable predicates.
Definition 16. For each $ECL_I(E, U, l_i)$ clause $C_1$ that defines the initiation of
$U$'s assignment to the status level $l_i \in L$ there is an $ECL_T(E, U, l_i)$ clause $C_2$ that
defines the termination of $U$'s assignment to $l_i$ such that $C_1$ and $C_2$ differ only
in terms of the conjunctions of the evaluable predicates that appear in the bodies
of $C_1$ and $C_2$. The pair of clauses defining $ECL_I(E, U, l_i)$ and $ECL_T(E, U, l_i)$
are called an initiation/termination dual for level $l_i$.
The $ECL_I(E, U, l_i)$ clause of a dual for $l_i \in L$ defines the initiation of an
agent's assignment to a status level $l_i$, and the $ECL_T(E, U, l_i)$ clause of the dual
for $l_i$ defines the termination of an agent's assignment to a status level $l_i$.
Definition 17. A permission-level association is expressed in $SBAC(\psi)$ by using
a clause of the form
$pla(P, O, L) \leftarrow DB_1, \ldots, DB_m, EV_1, \ldots, EV_n.$
Definition 18. A denial-level association is expressed in $SBAC(\psi)$ by using a
clause of the form
$dla(P, O, L) \leftarrow DB_1, \ldots, DB_m, EV_1, \ldots, EV_n.$
Definition 19. The set of authorization triples $u_i, p_j, o_k$ are defined by a set
of clauses in $SBAC(\psi)$ with the head $authorized(U, P, O)$. This set of clauses
is called the authorizations clauses for $SBAC(\psi)$.
4 SBAC Policy Formulation
In this section, we present an example SBAC policy $\Pi_1$, a closed access policy.
Definition 20. The authorizations clause for $\Pi_1$ is as follows:
$authorized(U, P, O) \leftarrow sla(U, L1), subsumes_L(L1, L2), pla(P1, O1, L2).$
Example 2. Consider an e-banking system where a requester agent's status depends
on the agent's payment and withdrawal history, and the current state
of the requester agent's account. There are two upgrading actions joining and
depositing, and two downgrading actions leaving and withdrawing. On joining
as a customer of the bank, a requester agent is assigned to the lowest
status level; on leaving the bank as a customer, the user is terminated from
the lowest status level - equivalent to the user having no status level. Suppose
also that there are three status levels supported, $l_1$, $l_2$, and $l_3$, and that
$WFM(SBAC(\psi)) \models ds_L(l_1, l_2)$ and $WFM(SBAC(\psi)) \models ds_L(l_2, l_3)$. There are
two types of requester agents: ordinary agents and Goldcard agents.
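
The following Python sketch is an added illustration, not code from the paper. It evaluates the closed-policy authorizations clause of Definition 20 over the three levels of Example 2. It assumes that subsumes_L is the reflexive-transitive closure of ds_L and that P1 and O1 in the clause body are the head's P and O; the agent names and the sla and pla facts are constructed.

```python
# Added illustration of the closed policy in Definition 20; not code from the paper.
# Assumptions: subsumes_L is the reflexive-transitive closure of ds_L, and the
# P1/O1 in the clause body are the head's P/O. Agents and sla/pla facts are constructed.

DS_L = {("l1", "l2"), ("l2", "l3")}        # ds_L facts stated in Example 2
SLA = {("alice", "l1"), ("bob", "l3")}     # constructed status-level assignments
PLA = {                                    # constructed permission-level associations
    ("read", "balance", "l3"),
    ("write", "transfer", "l2"),
    ("write", "overdraft", "l1"),
}


def subsumes_closure(ds):
    """Reflexive-transitive closure of the ds_L pairs."""
    levels = {level for pair in ds for level in pair}
    closure = {(level, level) for level in levels} | set(ds)
    changed = True
    while changed:
        changed = False
        for a, b in list(closure):
            for c, d in list(closure):
                if b == c and (a, d) not in closure:
                    closure.add((a, d))
                    changed = True
    return closure


def authorized(user, perm, obj, sla=SLA, ds=DS_L, pla=PLA):
    """authorized(U,P,O) <- sla(U,L1), subsumes_L(L1,L2), pla(P,O,L2).

    Closed policy: a request that cannot be derived from the facts is denied,
    so an agent with no sla fact (no status level) is authorized for nothing.
    """
    subsumes = subsumes_closure(ds)
    return any(
        (l1, l2) in subsumes and (perm, obj, l2) in pla
        for (u, l1) in sla if u == user
        for l2 in {b for (_, b) in subsumes}
    )


def granted(user, sla=SLA, ds=DS_L, pla=PLA):
    """All (P, O) pairs derivable for a user, sorted for stable output."""
    return sorted({(p, o) for (p, o, _) in pla if authorized(user, p, o, sla, ds, pla)})
```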