Provisional Authorizations

  • Chapter
E-Commerce Security and Privacy

Part of the book series: Advances in Information Security ((ADIS,volume 2))


Abstract

Past generations of access control systems, when faced with an access request, have issued a “yes” (resp. “no”) answer to the access request resulting in access being granted (resp. denied). In this chapter, we argue that for the world’s rapidly proliferating business to business (B2B) applications and auctions, “yes/no” responses are just not enough. We propose the notion of a “provisional authorization” which intuitively says “You may perform the desired access provided you cause condition C to be satisfied.” For instance, a user accessing an online brokerage may receive some information if he fills out his name/address, but not otherwise. While a variety of such provisional authorization mechanisms exist on the web, they are all hardcoded on an application by application basis. We show that given (almost) any logic L, we may define a provisional authorization specification language pASL_L. pASL_L is based on the declarative, polynomially evaluable authorization specification language ASL proposed by Jajodia et al. [JSS97]. We define programs in pASL_L, and specify how given any access request, we must find a “weakest” precondition under which the access can be granted (in the worst case, if this weakest precondition is “false” this amounts to a denial). We develop a model theoretic semantics for pASL_L and show how it can be applied to online sealed-bid auction servers and online contracting.


References

  1. K. Arisha, T. Eiter, S. Kraus, F. Ozcan, R. Ross, and V. S. Subrahmanian. IMPACT: Interactive Maryland Platform for Agents Collaborating Together. IEEE Intelligent Systems, pages 64–72, March 1999.

  2. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote trust management system (version 2). Technical report, Internet RFC, http://www.cis.upenn.edu/angelos/Papers/rfcnnnn.txt

  3. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proc. IEEE Symp. on Security and Privacy, pages 164–173, May 1996.

  4. D. F. C. Brewer and M. J. Nash. The Chinese wall security policy. In Proc. Symp. on Security and Privacy, pages 215–228, Oakland, CA, May 1989.

  5. Silvana Castano, Mariagrazia Fugini, Giancarlo Martella, and Pierangela Samarati. Database Security. Addison-Wesley, Reading, MA, 1994.

  6. Dorothy E. Denning. Cryptography and Data Security. Addison-Wesley, Reading, MA, 1983.

  7. M. K. Franklin and M. K. Reiter. The design and implementation of a secure auction service. IEEE Trans. on Software Engineering, 22(5):302–312, May 1996.

  8. Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. IEEE Symp. on Security and Privacy, pages 31–42, Oakland, CA, May 1997.

  9. Sushil Jajodia, Pierangela Samarati, V. S. Subrahmanian, and Elisa Bertino. A unified framework for enforcing multiple access control policies. In Proc. ACM SIGMOD Int’l. Conf. on Management of Data, pages 474–485, Tucson, AZ, May 1997.

  10. Manoj Kumar and Stuart I. Feldman. Internet auctions. In Third USENIX Workshop on Electronic Commerce, 1998.

  11. Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. Prentice-Hall, Englewood Cliffs, NJ, 1995.

  12. Michiharu Kudo. Secure electronic sealed-bid auction protocol with public key cryptography. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E81-A(1), January 1998.

  13. J. W. Lloyd. Foundations of Logic Programming. Springer, 1987.

  14. Paul Milgrom. Auctions and bidding: A primer. Journal of Economic Perspectives, 3(3):3–22, Summer 1989.

  15. R. P. McAfee and John McMillan. Auctions and bidding. Journal of Economic Literature, 25(2):699–738, June 1987.

  16. T. Przymusinski. On the declarative semantics of deductive databases and logic programs. In J. Minker, editor, Foundations of deductive databases, pages 193–216. Morgan Kaufmann, San Mateo, 1988.

  17. J. Shoenfield. Mathematical Logic. Addison-Wesley, 1967.

  18. J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proc. USENIX Conf., February 1988.

  19. David Vickrey. Counter speculation, auctions, and competitive sealed tenders. Journal of Finance, pages 9–37, March 1961.

  20. Thomas Y. C. Woo and Simon S. Lam. Authorizations in distributed systems: A new approach. Journal of Computer Security, 2(2,3):107–136, 1993.


Copyright information

© 2001 Springer Science+Business Media New York

About this chapter

Cite this chapter

Jajodia, S., Kudo, M., Subrahmanian, V.S. (2001). Provisional Authorizations. In: Ghosh, A.K. (eds) E-Commerce Security and Privacy. Advances in Information Security, vol 2. Springer, Boston, MA. https://doi.org/10.1007/978-1-4615-1467-1_8


  • DOI: https://doi.org/10.1007/978-1-4615-1467-1_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4613-5568-7

  • Online ISBN: 978-1-4615-1467-1

  • eBook Packages: Springer Book Archive
