Delegation logic

Authors: Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum

DOI: 10.1145/605434.605438

Abstract: We address the problem of authorization in large-scale, open, distributed systems. Authorization decisions are needed in electronic commerce, mobile-code execution, remote resource sharing, privacy protection, and many other applications. We adopt the trust-management approach, in which "authorization" is viewed as a "proof-of-compliance" problem: Does a set of credentials prove that a request complies with a policy? We develop a logic-based language, called Delegation Logic (DL), to represent policies, credentials, and requests in distributed authorization. In this paper, we describe D1LP, the monotonic version of DL. D1LP extends the logic-programming (LP) language Datalog with expressive delegation constructs that feature delegation depth and a wide variety of complex principals (including, but not limited to, k-out-of-n thresholds). Our approach to defining and implementing D1LP is based on tractably compiling D1LP programs into ordinary logic programs (OLPs). This compilation approach enables D1LP to be implemented modularly on top of existing technologies for OLP, for example, Prolog. As a trust-management language, D1LP provides a concept of proof-of-compliance that is founded on well-understood principles of logic programming and knowledge representation. D1LP also provides a logical framework for studying delegation.
