For this policy, the APAs will include the following act_U and act_D rules in SBAC(ψ):

act_U(E, A)
    act(E, depositing).
act_D(E, A)
    act(E, withdrawing).
act_U(E, A)
    act(E, joining).
act_D(E, A)
    act(E, leaving).

It is important to note that:
- Any number of policies may be represented in the way that we have described in Example 2, because any number of application-specific requirements may be related to the general notions of events, acts, actors, objects, times, ... For example, for an on-line ordering system, we may have the act of purchasing by customer actors of objects that include catalogue items with access decisions being based on status levels that are defined in terms of credit ratings, previous purchases, ...
- APAs can modify policies by adding/deleting ECL_I/ECL_T duals as required.
- Major changes to an access policy may be effected by making minor changes to the clauses in SBAC(ψ) (see [9]).

A specification of SBAC(ψ) defines the beliefs and knowledge of a mediating agent M that may be used to evaluate access requests. A requester agent u_m ∈ U may access an object o_k ∈ O iff the mediator believes u_m to be authorized to exercise an access privilege a_l on o_k at the time of u_m's access request iff an authorization u_m, a_l, o_k is provable from SBAC(ψ) by an operational method. Moreover, M is able to dynamically revise its beliefs about the status of u_m by learning about u_m's behaviours, and by reasoning about these behaviours³.

Our use of negation-as-failure in the sla clause enables the mediating agent
to withdraw beliefs when new information becomes available about a requester
agent's behaviours, and it makes it straightforward for new information to be
assimilated about a requester agent's status. What is more, negation-as-failure
may be used when information about a requester agent's status is incomplete; in
this case, default reasoning (by NAF) may be employed to determine a requester
agent's status.
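
The belief revision described above can be sketched as follows. This is an added example, not code from the original text: it assumes a status rule (not shown on this page) under which level l1 holds while the requester's balance is not provably negative, and the `PERMITS` table, the event log and all function names are constructed for illustration.

```python
from datetime import date

# act_U / act_D classification of acts, as listed on the page.
UPGRADING = {"depositing", "joining"}
DOWNGRADING = {"withdrawing", "leaving"}
# Assumed for illustration: privileges attached to status level l1.
PERMITS = {"l1": {("read", "o1"), ("write", "o1")}}

# Constructed event log following Example 3: (actor, act, amount, day).
EVENTS = [
    ("bob", "depositing", 1000, date(2002, 12, 12)),
    ("bob", "withdrawing", 2000, date(2002, 12, 20)),
]

def balance(events, actor, day):
    """Sum the actor's upgrading acts minus downgrading acts up to `day`."""
    total = 0
    for who, act, amount, when in events:
        if who != actor or when > day:
            continue
        if act in UPGRADING:
            total += amount
        elif act in DOWNGRADING:
            total -= amount
    return total

def overdrawn(events, actor, day):
    """Provable only when the recorded events give a negative balance."""
    return balance(events, actor, day) < 0

def status(events, actor, day):
    """Assumed rule: l1 if the actor has acted and 'overdrawn' is not provable."""
    has_acted = any(w == actor and t <= day for w, _, _, t in events)
    # `not overdrawn(...)` plays the role of negation-as-failure over the log.
    return "l1" if has_acted and not overdrawn(events, actor, day) else None

def authorized(events, actor, privilege, obj, day):
    """Authorization is re-derived per request, so beliefs track the log."""
    return (privilege, obj) in PERMITS.get(status(events, actor, day), set())

if __name__ == "__main__":
    for d in (date(2002, 12, 19), date(2002, 12, 20)):
        print(d, authorized(EVENTS, "bob", "write", "o1", d))
```

Because nothing is cached, appending a later event to the log changes the answer for later requests without touching the policy, which is the non-monotonic behaviour the paragraph attributes to negation-as-failure.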

Example 3. Consider the access policy that is described in Example 2, and suppose that the ordinary agent Bob performs the following acts:

On 12/12/2002, Bob deposits 1000 Euros in account a_1 to make the current balance 1000 Euros. On 20/12/2002, Bob withdraws 2000 Euros from the account.

In this case, M will believe that Bob is authorized to read and write object o_1 between 12/12/2002 and 19/12/2002, as, during that period, M believes Bob to be a user with a status level l_1. However, as of 20/12/2002, M revises its beliefs

3 The mediating agent is reactive and rational.