Declarative authorization languages promise to simplify the administration of access control systems by allowing the authorization policy to be factored out of the implementation of the resource guard. However, writing a correct policy is an error-prone task by itself, and little attention has been given to tools and techniques facilitating the analysis of complex policies, especially in the context of access denials. We propose the use of abduction for policy analysis, for explaining access denials and for automated delegation. We show how a deductive policy evaluation algorithm can be conservatively extended to perform abduction on Datalog-based authorization policies, and present soundness, completeness and termination results. © Springer-Verlag Berlin Heidelberg 2008.
CITATION STYLE
Becker, M. Y., & Nanz, S. (2007). The role of abduction in declarative authorization policies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4902 LNCS, pp. 84–99). https://doi.org/10.1007/978-3-540-77442-6_7
Mendeley helps you to discover research relevant for your work.