Fine-Grained Access Control via Policy-Carrying Data

Julian Padget; Wamberto Vasconcelos

doi:10.1145/3133324

Fine-Grained Access Control via Policy-Carrying Data

Julian Padget, Wamberto Vasconcelos

Research output: Contribution to journal › Article › peer-review

3 Citations (SciVal)

163 Downloads (Pure)

Abstract

We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

Original language	English
Article number	31
Journal	ACM Transactions on Internet Technology
Volume	18
Issue number	3
DOIs	https://doi.org/10.1145/3133324
Publication status	Published - 1 Mar 2018

Keywords

Action language
Answer set programming
Data sharing
Deontic logic
Privacy policy

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1145/3133324

fine-grained-access
© ACM, 2018. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Transactions on Internet Technology, Volume 18 Issue 3, (April 2018) http://doi.acm.org/10.1145/3133324
Accepted author manuscript, 524 KB

Cite this

@article{f55714562c1641eabe5a09dd182c879d,

title = "Fine-Grained Access Control via Policy-Carrying Data",

abstract = "We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.",

keywords = "Action language, Answer set programming, Data sharing, Deontic logic, Privacy policy",

author = "Julian Padget and Wamberto Vasconcelos",

year = "2018",

month = mar,

day = "1",

doi = "10.1145/3133324",

language = "English",

volume = "18",

journal = "ACM Transactions on Internet Technology",

issn = "1533-5399",

publisher = "Association for Computing Machinery",

number = "3",

}

TY - JOUR

T1 - Fine-Grained Access Control via Policy-Carrying Data

AU - Padget, Julian

AU - Vasconcelos, Wamberto

PY - 2018/3/1

Y1 - 2018/3/1

N2 - We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

AB - We address the problem of associating access policies with datasets and how to monitor compliance via policy-carrying data. Our contributions are a formal model in first-order logic inspired by normative multiagent systems to regulate data access, and a computational model for the validation of specific use cases and the verification of policies against criteria. Existing work on access policy identifies roles as a key enabler, with which we concur, but much of the rest focusses on authentication and authorization technology. Our proposal aims to address the normative principles put forward in Berners-Lee's bill of rights for the internet, through human-readable but machine-processable access control policies.

KW - Action language

KW - Answer set programming

KW - Data sharing

KW - Deontic logic

KW - Privacy policy

UR - http://www.scopus.com/inward/record.url?scp=85041733339&partnerID=8YFLogxK

U2 - 10.1145/3133324

DO - 10.1145/3133324

M3 - Article

VL - 18

JO - ACM Transactions on Internet Technology

JF - ACM Transactions on Internet Technology

SN - 1533-5399

IS - 3

M1 - 31

ER -

Fine-Grained Access Control via Policy-Carrying Data

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Julian Padget

Cite this

Fine-Grained Access Control via Policy-Carrying Data

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Profiles

Julian Padget

Cite this