References of "van Hertum, Pieter"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailDistributed Autoepistemic Logic and its Application to Access Control
Van Hertum, Pieter; Cramer, Marcos UL; Bogaerts, Bart et al

in Proceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence (2016)

In this paper we define and study an extension of autoepistemic logic (AEL) called distributed autoepistemic logic (dAEL) with multiple agents that have full introspection in their own knowledge as well ... [more ▼]

In this paper we define and study an extension of autoepistemic logic (AEL) called distributed autoepistemic logic (dAEL) with multiple agents that have full introspection in their own knowledge as well as in that of others. This mutual full introspection between agents is motivated by an application of dAEL in access control. We define 2- and 3-valued semantic operators for dAEL. Using these operators, approximation fixpoint theory, an abstract algebraic framework that unifies different knowledge representation formalisms, immediately yields us a family of semantics for dAEL, each based on different intuitions that are well-studied in the context of AEL. The application in access control also motivates an extension of dAEL with inductive definitions (dAEL(ID)). We explain a use-case from access control to demonstrate how dAEL(ID) can be fruitfully applied to this domain and discuss how well-suited the different semantics are for the application in access control. [less ▲]

Detailed reference viewed: 26 (0 UL)
Full Text
Peer Reviewed
See detailResilient Delegation Revocation with Precedence for Predecessors is NP-Complete
Cramer, Marcos UL; Van Hertum, Pieter; Lapauw, Ruben et al

in IEEE 29th Computer Security Foundations Symposium (2016)

In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these ... [more ▼]

In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these delegation chains when revoking rights, which give rise to different revocation schemes. One possibility studied in the literature is to revoke rights by issuing negative authorizations, meant to ensure that the revocation is resilient to a later reissuing of the rights, and to resolve conflicts between principals by giving precedence to predecessors, i.e.\ principals that come earlier in the delegation chain. However, the effects of negative authorizations have been defined differently by different authors. Having identified three definitions of this effect from the literature, the first contribution of this paper is to point out that two of these three definitions pose a security threat. However, avoiding this security threat comes at a price: We prove that with the safe definition of the effect of negative authorizations, deciding whether a principal does have access to a resource is an NP-complete decision problem. We discuss two limitations that can be imposed on an access-control system in order to reduce the complexity of the problem back to a polynomial complexity: Limiting the length of delegation chains to an integer m reduces the runtime complexity of determining access to O(n^m), and requiring that principals form a hierarchy that graph-theoretically forms a rooted tree makes this decision problem solvable in quadratic runtime. Finally we discuss an approach that can mitigate the complexity problem in practice without fully getting rid of NP-completeness. [less ▲]

Detailed reference viewed: 48 (0 UL)
Full Text
Peer Reviewed
See detailA Logic of Trust for Reasoning about Delegation and Revocation
Cramer, Marcos UL; Ambrossio, Diego Agustin UL; van Hertum, Pieter

in Proceedings of the 20th ACM Symposium on Access Control Models and Technologies (2015)

Detailed reference viewed: 64 (7 UL)