{"title":"A logic-based knowledge representation for authorization with delegation","authors":"Ninghui Li, J. Feigenbaum, Benjamin N. Grosof","doi":"10.1109/CSFW.1999.779771","DOIUrl":null,"url":null,"abstract":"We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and conflicts between authorities. DL's approach to these issues and to the interplay among them borrows from previous work on delegation and trust management in the computer security literature and previous work on negation and conflict handling in the logic programming and nonmonotonic reasoning literature, but it departs from previous work in some crucial ways. We present the syntax and semantics of DL and explain our novel design choices. We focus on delegation, including explicit treatment of delegation depth and delegation to complex principles. Compared to previous logic-based approaches to authorization, DL provides a novel combination of features: it is based on logic programs, expresses delegation depth explicitly, and supports a wide variety of complex principles (including but not limited to k-out-of-n thresholds). Compared to previous approaches to trust management, DL provides another novel feature: a concept of proof-of-compliance that is not entirely ad-hoc and that is based on model theoretic semantics (just as usual logic programs have a model-theoretic semantics).","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"122","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSFW.1999.779771","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 122
Abstract
We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and conflicts between authorities. DL's approach to these issues and to the interplay among them borrows from previous work on delegation and trust management in the computer security literature and previous work on negation and conflict handling in the logic programming and nonmonotonic reasoning literature, but it departs from previous work in some crucial ways. We present the syntax and semantics of DL and explain our novel design choices. We focus on delegation, including explicit treatment of delegation depth and delegation to complex principles. Compared to previous logic-based approaches to authorization, DL provides a novel combination of features: it is based on logic programs, expresses delegation depth explicitly, and supports a wide variety of complex principles (including but not limited to k-out-of-n thresholds). Compared to previous approaches to trust management, DL provides another novel feature: a concept of proof-of-compliance that is not entirely ad-hoc and that is based on model theoretic semantics (just as usual logic programs have a model-theoretic semantics).
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
