Fine-grained access control via policy-carrying data

Julian A. Padget; Wamberto W. Vasconcelos

doi:10.1145/3133324

Fine-grained access control via policy-carrying data

Julian A. Padget, Wamberto W. Vasconcelos^*

^*Corresponding author for this work

Computing Science

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

10 Downloads (Pure)

Abstract

We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

Original language	English
Article number	31
Journal	ACM Transactions on Internet Technology
Volume	18
Issue number	3
DOIs	https://doi.org/10.1145/3133324
Publication status	Published - 2017

Keywords

Action language
Answer set programming
Data sharing
Deontic logic
Privacy policy

Access to Document

10.1145/3133324Licence: Unspecified

Accepted Manuscript
© ACM, 2018. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Transactions on Internet Technology (TOIT), VOL 18, ISS 3, May 2017 http://doi.acm.org/10.1145/3133324
Accepted author manuscript, 587 KBLicence: Other

https://dl.acm.org/authorize?N43239Licence: Unspecified

Cite this

@article{2f5be5c11169426c8cc76e4fc350f89b,

title = "Fine-grained access control via policy-carrying data",

abstract = "We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.",

keywords = "Action language, Answer set programming, Data sharing, Deontic logic, Privacy policy",

author = "Padget, {Julian A.} and Vasconcelos, {Wamberto W.}",

note = "W. W. Vasconcelos acknowledges the support of the Engineering and Physical Sciences Research Council (EPSRC, UK) within the research project “Scrutable Autonomous Systems” (SAsSY, http://www.scrutable-systems.org, Grant ref. EP/J012084/1). Also in: Journal ACM Transactions on Reconfigurable Technology and Systems (TRETS) - Special Section on FCCM 2016 and Regular Papers TRETS Homepage archive Volume 11 Issue 1, March 2018 Article No. 31 ACM New York, NY, USA ",

year = "2017",

doi = "10.1145/3133324",

language = "English",

volume = "18",

journal = "ACM Transactions on Internet Technology",

issn = "1533-5399",

publisher = "Association for Computing Machinery (ACM)",

number = "3",

}

TY - JOUR

T1 - Fine-grained access control via policy-carrying data

AU - Padget, Julian A.

AU - Vasconcelos, Wamberto W.

N1 - W. W. Vasconcelos acknowledges the support of the Engineering and Physical Sciences Research Council (EPSRC, UK) within the research project “Scrutable Autonomous Systems” (SAsSY, http://www.scrutable-systems.org, Grant ref. EP/J012084/1). Also in: Journal ACM Transactions on Reconfigurable Technology and Systems (TRETS) - Special Section on FCCM 2016 and Regular Papers TRETS Homepage archive Volume 11 Issue 1, March 2018 Article No. 31 ACM New York, NY, USA

PY - 2017

Y1 - 2017

N2 - We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

AB - We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

KW - Action language

KW - Answer set programming

KW - Data sharing

KW - Deontic logic

KW - Privacy policy

UR - http://www.scopus.com/inward/record.url?scp=85041733339&partnerID=8YFLogxK

U2 - 10.1145/3133324

DO - 10.1145/3133324

M3 - Article

AN - SCOPUS:85041733339

VL - 18

JO - ACM Transactions on Internet Technology

JF - ACM Transactions on Internet Technology

SN - 1533-5399

IS - 3

M1 - 31

ER -

Fine-grained access control via policy-carrying data

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this