Author affiliations: Univ North Georgia, Dept Comp Sci & Informat Syst, Dahlonega, GA, USA; Texas Tech Univ, Comp Sci Dept, Lubbock, TX 79409, USA
Publication: JOURNAL OF INFORMATION SECURITY AND APPLICATIONS (J. Inf. Secur. Appl.)
Year/Volume/Issue: 2019, Vol. 44, Feb. issue
Pages: 49-63
Subject classification: 08 [Engineering]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be awarded)]
Funding: National Science Foundation [1516636, 1723765]; Directorate for Education and Human Resources, Division of Graduate Education (funding source: National Science Foundation)
Keywords: Access control; Inference mechanism; Answer set programming; Policies; Exception handling; Conflict
Abstract: Many of the existing management platforms such as pervasive computing systems implement policies that depend on dynamic operational environment changes. Existing formal approaches for automatically enforcing access control policies are primarily expressed in conventional logic programming, also known as monotonic logics, e.g., First Order Logic (FOL). The major issue with monotonic logics is that they are not devised to invalidate initial beliefs in the light of further observations. This limitation makes these traditional logical approaches less suitable for modeling and analyzing context-aware access control policies, where exceptional policies are introduced incrementally and adaptively during runtime. The inability to invalidate initial policies when an exception needs to be enforced might result in inconsistencies and violations that need to be resolved manually by human entities. To address the problems with conventional logical approaches and, more importantly, to prevent such inconsistencies, this paper presents a non-monotonic logic-based reasoning scheme for modeling and analyzing adaptive access control policies. In the proposed formalism, unavailable context data and incomplete access control policies can be explicitly expressed. To do so, the paper distinguishes three kinds of policies: default, context-dependent and exception policies. The proposed formalism is based on Answer Set Programming (ASP), a non-monotonic logic programming language that allows elegant representation of the unavailability of context data in adaptive systems. We devise non-monotonic policy inference rules such that, when exception policies are defined, they automatically take precedence over default and context-dependent policies. The results of two case studies are reported to demonstrate the feasibility of the proposed policy representation scheme compared to the Organizational-Based Access Control (OrBAC) model. (C) 2018 Elsevier Ltd. All rights reserved.