a School of Computing and Information Technology, University of Western Sydney, Locked Bag 1797, Penrith South DC, NSW 1797, Australia
b Department of Computing, Macquarie University, North Ryde, NSW 2109, Australia
Abstract:
In this paper, we propose a logic based approach to specify and to reason about transformation of authorization policies. The authorization policy is specified using a policy base which comprises a finite set of facts and access constraints. We define the structure of the policy transformation and employ a model-based semantics to perform the transformation under the principle of minimal change. Furthermore, we extend model-based semantics by introducing preference ordering to resolve possible conflicts during transformation of policies. We also discuss the implementation of the model-based transformation approach and analyse the complexity of the algorithms introduced. Our system is able to represent both implicit and incomplete authorization requirements and reason about nonmonotonic properties.