Results 1 -
8 of
8
A logic-based framework for attribute based access control
- In Workshop on Formal Methods in Security Engineering
, 2004
"... Attribute based access control (ABAC) grants accesses to services based on the attributes possessed by the requester. Thus, ABAC differs from the traditional discretionary ac-cess control model by replacing the subject by a set of at-tributes and the object by a set of services in the access control ..."
Abstract
-
Cited by 71 (3 self)
- Add to MetaCart
Attribute based access control (ABAC) grants accesses to services based on the attributes possessed by the requester. Thus, ABAC differs from the traditional discretionary ac-cess control model by replacing the subject by a set of at-tributes and the object by a set of services in the access control matrix. The former is appropriate in an identity-less system like the Internet where subjects are identified by their characteristics, such as those substantiated by certifi-cates. These can be modeled as attribute sets. The latter is appropriate because most Internet users are not privy to method names residing on remote servers. These can be modeled as sets of service options. We present a frame-work that models this aspect of access control using logic programming with set constraints of a computable set the-ory [DPPR00]. Our framework specifies policies as stratified constraint flounder-free logic programs that admit primitive recursion. The design of the policy specification framework ensures that they are consistent and complete. Our ABAC policies can be transformed to ensure faster runtimes.
Uniform Closures: Order-Theoretically Reconstructing Logic Program Semantics and Abstract Domain Refinement
- Inform. and Comput
, 1998
"... Domain Refinements Roberto Giacobazzi Dipartimento di Informatica Universit`a di Pisa Corso Italia 40, 56125 Pisa, Italy giaco@di.unipi.it Francesco Ranzato Dipartimento di Matematica Pura ed Applicata Universit`a di Padova Via Belzoni 7, 35131 Padova, Italy franz@math.unipd.it Abstract The no ..."
Abstract
-
Cited by 9 (6 self)
- Add to MetaCart
(Show Context)
Domain Refinements Roberto Giacobazzi Dipartimento di Informatica Universit`a di Pisa Corso Italia 40, 56125 Pisa, Italy giaco@di.unipi.it Francesco Ranzato Dipartimento di Matematica Pura ed Applicata Universit`a di Padova Via Belzoni 7, 35131 Padova, Italy franz@math.unipd.it Abstract The notion of uniform closure operator is introduced, and it is shown how this concept surfaces in two different areas of application of abstract interpretation, notably in semantics design for logic programs and in the theory of abstract domain refinements. In logic programming, uniform closures permit to generalize, from an order-theoretic perspective, the standard hierarchy of declarative semantics. In particular, we show how to reconstruct the modeltheoretic characterization of the well-known s-semantics using pure order-theoretic concepts only. As far as the systematic refinement operators on abstract domains are concerned, we show that uniform closures capture precisely the property of a ref...
Stable Generated Models of Generalized Constraint Logic Programs
- In Proc. WFLP 2001
, 2001
"... We present a declarative semantics of generalized constraint logic programs based on stable generated models. Generalized logic programs contain arbitrary quantifier free formulas in the bodies and heads of their rules. Up to now the only declarative semantics for this program class is defined i ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
We present a declarative semantics of generalized constraint logic programs based on stable generated models. Generalized logic programs contain arbitrary quantifier free formulas in the bodies and heads of their rules. Up to now the only declarative semantics for this program class is defined in terms of stable generated models introduced by Herre and Wagner.
Security policy cognizant module composition,” Available at http://cs.gmu.edu
, 2010
"... Component-based software development and deploy-ment is based on developing individual software mod-ules that are composed on an as needed basis. Such modules expose the computations they provide and their dependencies on providing these computations- that re-sults in a well known requires-provides ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Component-based software development and deploy-ment is based on developing individual software mod-ules that are composed on an as needed basis. Such modules expose the computations they provide and their dependencies on providing these computations- that re-sults in a well known requires-provides specifications for modules. This paper provides a framework to com-bine modules that specify their requires-provides inter-faces in a policy dependent way. Our framework specify policies as combinations of Constraint Logic Program-ming (CLP) based rules and our policies can cover mul-tiple aspects associated of compositions, such as secu-rity and quality of service. We apply our framework to specify Quality of Protection (QoP) and Quality of Ser-vice (QoP) policies. An example shows the applicability of our policy language to a teleconferencing application with multiple security and resource usage policies. 1
Analysis of Normal Logic Programs
"... In this paper we present a dataflow analysis method for normal logic programs interpreted with negation as failure or constructive negation. We apply our method to a well known analysis for logic programs: the depth(k) analysis for approximating the set of computed answers. The analysis is correct w ..."
Abstract
- Add to MetaCart
In this paper we present a dataflow analysis method for normal logic programs interpreted with negation as failure or constructive negation. We apply our method to a well known analysis for logic programs: the depth(k) analysis for approximating the set of computed answers. The analysis is correct w.r.t. SLDNF resolution and optimal w.r.t. constructive negation.
Motivation Partial Stable Generated Models of Generalized Logic Programs with Constraints
"... Logic programs are an important knowledge representation tool. In many cases, definite logic programs are too restricted to formalize problems intuitively. Therefore definite logic programs have been extended in several ways by additional syntactic constructs such as negation and disjunction. A very ..."
Abstract
- Add to MetaCart
Logic programs are an important knowledge representation tool. In many cases, definite logic programs are too restricted to formalize problems intuitively. Therefore definite logic programs have been extended in several ways by additional syntactic constructs such as negation and disjunction. A very expressive program class are generalized logic programs. Their rules may contain any quantifier free formula in both their body and head. Definite, normal and disjunctive logic programs are special cases of generalized logic programs. Constraint logic programming, defined in [4], extends definite logic programs by constraints: logical expressions that describe special properties of the problem domain. The combination of these two extensions defines the syntax of generalized logic programs with constraints (�ÄÈ �). Declarative semantics provides a mathematically precise
Stable Generated Models of Generalized Constraint Logic Programs
"... t n ) is an atom of L(\Sigma R ; \Sigma F ; V; F ) iff p 2 \Sigma R with arity n and all t i are terms in Term(\Sigma F ; V ). Literals are elements of Lit P;C = L(\Sigma R ; \Sigma F ; V; fnotg). Given a (purely relational) program signature \Sigma R P and a constraint signature \Sig ..."
Abstract
- Add to MetaCart
t n ) is an atom of L(\Sigma R ; \Sigma F ; V; F ) iff p 2 \Sigma R with arity n and all t i are terms in Term(\Sigma F ; V ). Literals are elements of Lit P;C = L(\Sigma R ; \Sigma F ; V; fnotg). Given a (purely relational) program signature \Sigma R P and a constraint signature \Sigma C = (\Sigma R C ; \Sigma F C ) we define the constraint language L C = L(\Sigma R C ; \Sigma F C ; V; F ) (using constraint predicates only) and the program language<F
QoP and QoS Policy Cognizant Module Composition
"... Abstract—Component-based software engineering is generally recognized as one of the best methods to develop, deploy, and manage increasingly complex software systems. To enable the dynamic composition of software modules, it is often required to expose their functionality dependencies. This results ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—Component-based software engineering is generally recognized as one of the best methods to develop, deploy, and manage increasingly complex software systems. To enable the dynamic composition of software modules, it is often required to expose their functionality dependencies. This results the a well-known requires-provides specifications ’ model. In this paper, we introduce a framework that enables individual software components to specify their requires-provides interfaces in a policy dependent way. Our framework specifies policies as combinations of Constraint Logic Programming (CLP) based rules. Moreover, our policies are flexible and expressive, allowing the enforcement of multiple aspects for the requested composition including security and quality of service. We apply our framework to specify Quality of Protection (QoP) and Quality of Service (QoS) policies. We demonstrate the applicability of our policy language using as an example a teleconferencing application with diverse requirements for the specification of security and resource policies. Keywords-Policy-based software composition; Policies for software interfaces; Policies for aspect-oriented software I.
