Reasoning about the state change of authorization policie

Abstract

Reasoning about authorization policies has been a prominent issue in information security research. In a complex information sharing and exchange environment, a user’s request may initiate a sequence of executions of authorization commands in order to decide whether such request should be granted or denied. Becker and Nanz’s logic of State- Modifying Policies (SMP) is a formal system addressing such problem in access control. In this paper, we provide a declarative semantics for SMP through a translation from SMP to Answer Set Programming (ASP). We show that our translation is sound and complete for bounded SMP reasoning. With this translation, we are able not only to directly compute users’ authorization query answers, but also to specifically extract information of how users’ authorization states change in relation to the underlying query answering. In this way, we eventually avoid SMP’s tedious proof system and significantly simply the SMP reasoning process. Furthermore, we argue that the proposed ASP translation of SMP also provides a flexibility to enhance SMP’s capacity for accommodating more complex authorization reasoning problems that the current SMP lacks.