Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

23.4 Formal Methods > 23.4.3 Binary Decision Diagrams - Pg. 589

CHAPTER 23 Policies, Access Control, and Formal Methods f 589 based on C-Datalog [37], is able to represent protected objects, subjects, permissions, possibly organized into hierarchies, sessions, positive/neg- ative authorizations, and explicit/implicit autho- rizations. An important characteristic of this framework is that it does not impose any specific conflict resolution policy to deal with the simul- taneous presence of both positive and negative authorizations for the same object, subject, and privilege. Rather, it supports the specification of arbitrary conflict resolution policies and provides a semantics that is parameterized with respect to such a policy. Other notable examples of use of logic programming are represented by the tem- poral authorization model by Bertino et al. [15], which uses Datalog extended with nonmonotonic negation, periodicity, and gap-order constraints, and the access control model for workflows by Bertino et al. [38], which uses logic programs to model and reason on separation of duties con- t a NA Y FIGURE 23-7 An example of an access control policy encoded by a binary decision diagram. Nonterminal nodes in such a graph are called decision nodes; each decision node is labeled by