![]() ; ; Gabbay, Dov M. ![]() in J. Log. Comput. (2014), 24(1), 89--116 Detailed reference viewed: 93 (0 UL)![]() ; Genovese, Valerio ![]() in Computer Security – ESORICS 2011 (2011) We describe an approach for distributed access control that is based on the idea of using a community-constructed repository of expressions of propositional attitudes. We call this repository an oracle ... [more ▼] We describe an approach for distributed access control that is based on the idea of using a community-constructed repository of expressions of propositional attitudes. We call this repository an oracle. Members of a community may consult the oracle and use the expressions of belief and disbelief in propositions that are expressed by community members about requesters for access to resources. Our conceptual model and access control policies are described in terms of a computational logic and we describe an implementation of the approach that we advocate. [less ▲] Detailed reference viewed: 68 (0 UL)![]() ; Genovese, Valerio ![]() in Logic Programming and Nonmonotonic Reasoning (2011) We describe an approach for distributed access control policies that is based on a nonmonotonic semantics and the use of logic programming for policy specification and the evaluation of access requests ... [more ▼] We describe an approach for distributed access control policies that is based on a nonmonotonic semantics and the use of logic programming for policy specification and the evaluation of access requests. Our approach allows assertions of relevance to access control to be made by individual agents or on a community-based level and different strengths of testimonial warrant may be distinguished by using various logical operators. We describe a form of ASP that allows for remote access request evaluation and we discuss a DLV-based implementation of our approach. [less ▲] Detailed reference viewed: 87 (0 UL)![]() Aucher, Guillaume ![]() ![]() in DBSec (2011) In this paper we first introduce a logic for describing formally a family of delegation and revocation models that are based on the work in Hagström et al.. We then extend our logic to accommodate an ... [more ▼] In this paper we first introduce a logic for describing formally a family of delegation and revocation models that are based on the work in Hagström et al.. We then extend our logic to accommodate an epistemic interpretation of trust within the framework that we define. What emerges from this work is a rich framework of formally well-defined delegation and revocation schemes that accommodates an important trust component. [less ▲] Detailed reference viewed: 109 (1 UL)![]() ; Genovese, Valerio ![]() in Data and Applications Security and Privacy XXIV (2010) We consider the problem of developing an abstract meta-model of access control in terms of which policies for protecting a principal’s private information may be specified. Our concern is with developing ... [more ▼] We consider the problem of developing an abstract meta-model of access control in terms of which policies for protecting a principal’s private information may be specified. Our concern is with developing the formal foundations of our conceptual model. For both the specific access control models and privacy policies, which may be defined in terms of the meta-model, we adopt a combining approach: we combine access control concepts to form the meta-model and we use a fibred logic for the formal foundations. Our approach enables data subjects to specify flexibly what access controls they wish to apply on their personal data and it provides a formal foundation for policies that are defined in terms of the meta-model. [less ▲] Detailed reference viewed: 27 (0 UL)![]() ; ; Gabbay, Dov M. ![]() in Studia Logica (2009), 92(3), 437-477 The issue of representing access control requirements continues to demand significant attention. The focus of researchers has traditionally been on developing particular access control models and policy ... [more ▼] The issue of representing access control requirements continues to demand significant attention. The focus of researchers has traditionally been on developing particular access control models and policy specification languages for particular applications. However, this approach has resulted in an unnecessary surfeit of models and languages. In contrast, we describe a general access control model and a logic-based specification language from which both existing and novel access control models may be derived as particular cases and from which several approaches can be developed for domain-specific applications. We will argue that our general framework has a number of specific attractions and an implication of our work is to encourage a methodological shift from a study of the particulars of access control to its generalities. [less ▲] Detailed reference viewed: 112 (0 UL) |
||