2003 | OriginalPaper | Buchkapitel
A Logic Programming View of Authorization in Distributed Systems
verfasst von : William H. Winsborough
Erschienen in: Logic Programming
Verlag: Springer Berlin Heidelberg
Enthalten in: Professional Book Archive
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
An approach to authorization that is based on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. Logic programming provides an elegant, expressive, and well-understood framework in which to work with attribute-based authorization policy. We summarize one specific attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages. RT’s logic programming foundation has facilitated the conception and specification of several extensions that greatly enhance its expressivity with respect to important security concepts such as parameterized roles, thresholds, and separation of duties. After examining language design issues, we consider the problem of assessing authorization policies with respect to vulnerability of resource owners to a variety of security risks due to delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We summarize analysis techniques for assessing such vulnerabilities.