Fine-grained access control via policy-carrying data

Julian A. Padget, Wamberto W. Vasconcelos*

*Corresponding author for this work

Research output: Contribution to journal (Article)

Abstract

We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

Original language: English
Article number: 31
Journal: ACM Transactions on Internet Technology
Volume: 18
Issue number: 3
DOI: 10.1145/3133324
Publication status: Published - 2017

Fingerprint

Access control
Multi agent systems
Authentication
Internet
Compliance

Keywords

  • Action language
  • Answer set programming
  • Data sharing
  • Deontic logic
  • Privacy policy

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Fine-grained access control via policy-carrying data. / Padget, Julian A.; Vasconcelos, Wamberto W.

In: ACM Transactions on Internet Technology, Vol. 18, No. 3, 31, 2017.

@article{2f5be5c11169426c8cc76e4fc350f89b,
title = "Fine-grained access control via policy-carrying data",
abstract = "We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.",
keywords = "Action language, Answer set programming, Data sharing, Deontic logic, Privacy policy",
author = "Padget, {Julian A.} and Vasconcelos, {Wamberto W.}",
note = "W. W. Vasconcelos acknowledges the support of the Engineering and Physical Sciences Research Council (EPSRC, UK) within the research project “Scrutable Autonomous Systems” (SAsSY, http://www.scrutable-systems.org, Grant ref. EP/J012084/1). Also in: Journal ACM Transactions on Reconfigurable Technology and Systems (TRETS) - Special Section on FCCM 2016 and Regular Papers TRETS Homepage archive Volume 11 Issue 1, March 2018 Article No. 31 ACM New York, NY, USA",
year = "2017",
doi = "10.1145/3133324",
language = "English",
volume = "18",
journal = "ACM Transactions on Internet Technology",
issn = "1533-5399",
publisher = "Association for Computing Machinery (ACM)",
number = "3",
}

TY - JOUR
T1 - Fine-grained access control via policy-carrying data
AU - Padget, Julian A.
AU - Vasconcelos, Wamberto W.
N1 - W. W. Vasconcelos acknowledges the support of the Engineering and Physical Sciences Research Council (EPSRC, UK) within the research project “Scrutable Autonomous Systems” (SAsSY, http://www.scrutable-systems.org, Grant ref. EP/J012084/1). Also in: Journal ACM Transactions on Reconfigurable Technology and Systems (TRETS) - Special Section on FCCM 2016 and Regular Papers TRETS Homepage archive Volume 11 Issue 1, March 2018 Article No. 31 ACM New York, NY, USA
PY - 2017
Y1 - 2017

N2 - We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

KW - Action language
KW - Answer set programming
KW - Data sharing
KW - Deontic logic
KW - Privacy policy
UR - http://www.scopus.com/inward/record.url?scp=85041733339&partnerID=8YFLogxK
U2 - 10.1145/3133324
DO - 10.1145/3133324
M3 - Article
AN - SCOPUS:85041733339
VL - 18
JO - ACM Transactions on Internet Technology
JF - ACM Transactions on Internet Technology
SN - 1533-5399
IS - 3
M1 - 31
ER -