Modeling adaptive access control policies using answer set programming

Sara Sartoli, Akbar Siami Namin

Research output: Contribution to journal (Article)

2 Scopus citations

Abstract

Many of the existing management platforms, such as pervasive computing systems, implement policies that depend on dynamic operational environment changes. Existing formal approaches for automatically enforcing access control policies are primarily expressed in conventional logic programming, also known as monotonic logics, e.g., First Order Logic (FOL). The major issue with monotonic logics is that they are not devised to invalidate initial beliefs in the light of further observations. This limitation makes these traditional logical approaches less suitable for modeling and analyzing context-aware access control policies, where exceptional policies are introduced incrementally and adaptively during runtime. The inability to invalidate initial policies when an exception needs to be enforced might result in inconsistencies and violations that need to be resolved manually by human entities. To address the problems with conventional logical approaches and, more importantly, prevent such inconsistencies, this paper presents a non-monotonic logic-based reasoning scheme for modeling and analyzing adaptive access control policies. In the proposed formalism, unavailable context data and incomplete access control policies can be explicitly expressed. To do so, the paper distinguishes three kinds of policies: default, context-dependent and exception policies. The proposed formalism is based on Answer Set Programming (ASP), a non-monotonic logic programming language that allows elegant representation of unavailability of context data in adaptive systems. We devise non-monotonic policy inference rules such that, when exception policies are defined, they take precedence over default and context-dependent policies automatically. The results of two case studies are reported to demonstrate the feasibility of the proposed policy representation scheme compared to the Organizational-Based Access Control (OrBAC) model.

Original language: English
Pages (from-to): 49-63
Number of pages: 15
Journal: Journal of Information Security and Applications
Volume: 44
State: Published - Feb 2019

Keywords

  • Access control
  • Answer set programming
  • Conflict
  • Exception handling
  • Inference mechanism
  • Policies
