Imperial College London
Portrait Picture

ProfessorMorrisSloman

Faculty of EngineeringDepartment of Computing

Emeritus Professor of Distributed Systems Management
 
 
 
//

Contact

 

m.sloman Website

 
 
//

Location

 

Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@article{Marinovic:2014,
author = {Marinovic, S and Dulay, N and Sloman, MS},
journal = {ACM Transactions on Information and System Security},
title = {Rumpole - An Introspective Break-glass Access Control Language},
url = {http://hdl.handle.net/10044/1/13790},
year = {2014}
}
Download

RIS format (EndNote, RefMan)

TY  - JOUR
AB  - Access control policies define what resources can be accessed by which subjects and under which conditions. It is, however, often not possible to anticipate all subjects that should be permitted access and the conditions under which they should be permitted. For example, predicting and correctly encoding all emergency and exceptional situations is impractical. Traditional access control models simply deny all requests that are not permitted, and in doing so may cause unpredictable and unacceptable consequences. To overcome this issue, break-glass access control models permit a subject to override an access control denial, if he accepts a set of obligatory actions and certain override conditions are met. Existing break-glass models are limited in how the override decision is specified. They either grant overrides for a pre-defined set of exceptional situations, or they grant unlimited overrides to selected subjects, and as such they suffer from the difficulty of correctly encoding and predicting all override situations and permissions. To address this, we develop Rumpole, a novel break-glass language that explicitly represents and infers knowledge gaps and knowledge conflicts about the subject’s attributes and the contextual conditions, such as emergencies. For example, a Rumpole policy can distinguish whether or not it is known that an emergency holds. This leads to a more informed decision for an override request, whereas current break-glass languages simply assume that there is no emergency if the evidence for it is missing. To formally define Rumpole, we construct a novel many- valued logic programming language called Beagle. It has a simple syntax similar to that of Datalog, and its semantics is an extension of Fitting’s bilattice-based semantics for logic programs. Beagle is a knowledge non-monotonic langauge, and as such is strictly more expressive than current many-valued logic program- ming languages.
AU  - Marinovic,S
AU  - Dulay,N
AU  - Sloman,MS
PY  - 2014///
TI  - Rumpole - An Introspective Break-glass Access Control Language
T2  - ACM Transactions on Information and System Security
UR  - http://hdl.handle.net/10044/1/13790
ER  -
Download