Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ebiss.2009.5138002

2009-01-01

Abstract:Access control becomes more and more essential for safe and security access to the system resources. Role based access control policy widely used in industry enterprise systems nowadays is a statement which specifies the rules about how to setup the process for granting or denying authorizations. It is extremely important to make sure that there is no inconsistency of an access control policy, since otherwise it may conceal the security danger or even break down the entire access control system. In this paper, we analyze the inconsistencies of role based access control policy, and give the formal definition for the inconsistency. We then propose an inconsistency checking algorithm to detect the inconsistencies of a role based access control policy.

Liao Beishui,Huang Huaxin

DOI: https://doi.org/10.19862/j.cnki.xsyk.2013.06.007

2013-01-01

Abstract:As a development of classical nonmonotonic logic,argumentation logic(also called abstract argumentation theory,and formal argumentation,etc.) provides a general mechanism to handle the problems of inconsistency in various situations.It captures the common properties of various reasoning systems in a context of disagreement by using abstract arguments and attack relations,and defines the acceptability of arguments by establishing general evaluation criteria(called argumentation semantics).This makes argumentation logic generally applicable to various situations.First,since the evaluation of the status of arguments is only related to the attack relations among them,the types,origins,representation languages and methods,of underlying knowledge,are allowed to be diverse.Second,the evaluation criteria corresponding to certain argumentation semantics are suitable to various applications.Third,argumentation logic not only supports the epistemic reasoning and the practical reasoning of individual agents,but also supports the reasoning in the process of multiagent interaction(e.g.,persuasion,disputation,negotiation,etc).Currently,the emphasis of the research of argumentation logic is on the definitions and computational methods of argumentation semantics,the instantiation approaches of argumentation semantics,and the applications of argumentation semantics,etc.

Peng Liu,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/WI.2005.2

2005-01-01

Abstract:Although several access control policies have been proposed for securing access to resources, they focused on security of distributed environments that were rather static. Nowadays distributed environment becomes open and dynamic. In this paper, we propose a formal language for access control policies in open and dynamic environment. The language is based on description logic program and generalized courteous logic program supporting classical negation, prioritized conflict handling and mutual exclusion constraints. The language allows the specification of positive and negative authorization, privilege delegation and revocation, prioritized conflict resolution and mutual authorization exclusions.

LIAO Bei-Shui,DAI Jian-Hua

DOI: https://doi.org/10.3969/j.issn.1003-6059.2012.04.011

2012-01-01

Pattern Recognition and Artificial Intelligence

Abstract:Most of existing theories and methods for belief revision, deliberation, means-ends reasoning etc. are based on classical first order logic, and therefore effective mechanisms are absent in handling incomplete and inconsistent knowledge. Argumentation-based non-monotonic reasoning, including epistemic reasoning and practical reasoning, has become a promising theory to solve the above-mentioned problem. However, as an emerging research area, the basic notions, theories, methods, as well as the existing research problems, are still unclear. In this paper, after presenting the basic notions of argumentation, the recent development of argumentation-based non-monotonic reasoning of agents is analyzed. Finally, some challenging problems are discussed, and the possible future work is pointed out.

XIE Kai-bo,LIAO Bei-shui

DOI: https://doi.org/10.3969/j.issn.1674-8425(s).2013.09.007

2013-01-01

Abstract:As first-order logic alone cannot depict the non-monotony in the human reasoning process,logicians try to establish new logic systems to deal with this problem,and these new systems are called non-monotonic logic.Traditionally,they adopt the way of consistency and unprovability.However,since the late 1980s and early 1990s,more and more logicians have begun to use a new way to realize the non-monotony of reasoning,which is argumentation.This paper will expound argumentation system and how argumentation framework is used to depict non-monotonic reasoning,and analyze the connections between them.

Jieting Luo,Beishui Liao,Dov Gabbay

DOI: https://doi.org/10.3233/faia220157

2022-01-01

Comma

Abstract:Autonomous agents are supposed to be able to finish tasks or achieve goals that are assigned by their users through performing a sequence of actions. Since there might exist multiple plans that an agent can follow and each plan might promote or demote different values along each action, the agent should be able to resolve the conflicts between them and evaluate which plan he should follow. In this paper, we develop a logic-based framework that combines modal logic and argumentation for value-based practical reasoning with plans. Modal logic is used as a technique to represent and verify whether a plan with its local properties of value promotion or demotion can be followed to achieve an agent's goal. We then propose an argumentation-based approach that allows an agent to reason about his plans in the form of supporting or objecting to a plan using the verification results.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.a0820366

2009-01-01

Journal of Zhejiang University SCIENCE A

Abstract:The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.

Xiaowang Zhang,Guohui Xiao,Zuoquan Lin,Jan Van den Bussche

DOI: https://doi.org/10.1016/j.ijar.2013.09.005

IF: 4.452

2014-01-01

International Journal of Approximate Reasoning

Abstract:The Web Ontology Language (OWL) is a family of description logic based ontology languages for the Semantic Web and gives well defined meaning to web accessible information and services. The study of inconsistency-tolerant reasoning with description logic knowledge bases is especially important for the Semantic Web since knowledge is not always perfect within it. An important challenge is strengthening the inference power of inconsistency-tolerant reasoning because it is normally impossible for paraconsistent logics to obey all important properties of inference together. This paper presents a non-classical DL called quasi-classical description logic (QCDL) to tolerate inconsistency in OWL DL which is a most important sublanguage of OWL supporting those users who want the maximum expressiveness while retaining computational completeness (i.e., all conclusions are guaranteed to be computable) and decidability (i.e., all computations terminate in finite time). Instead of blocking those inference rules, we validate them conditionally and partially, under which more useful information can still be inferred when inconsistency occurs. This new non-classical DL possesses several important properties as well as its paraconsistency in DL, but it does not bring any extra complexity in worst case. Finally, a transformation-based algorithm is proposed to reduce reasoning problems in QCDL to those in DL so that existing OWL DL reasoners can be used to implement inconsistency-tolerant reasoning. Based on this algorithm, a prototype OWL DL paraconsistent reasoner called PROSE is implemented. Preliminary experiments show that PROSE produces more intuitive results for inconsistent knowledge bases than other systems in general.

Wei Zhang,Zuoquan Lin

DOI: https://doi.org/10.1109/skg.2012.5

2012-01-01

Abstract:The ANSI RBAC standard provides no mechanism for access policies. This paper employs answer set programming (ASP) as the policy language and presents a new logic-based RBAC formalization framework. The powerful expression ability of ASP ensures the representation of various policies, while high-efficient answer set solvers help our framework suit for reasoning in industrial level applications. We show that properties of the proposed framework support flexible policies well. Furthermore, systems based on the proposed framework are proved to be safe and available.

Heather L. Parrish,C. Glassman,Madeline M. Keenen,Neha R. Deshpande,M. Bronnimann,M. Kuhns

DOI: https://doi.org/10.1371/journal.pone.0132333

IF: 3.7

2015-07-06

PLoS ONE

Abstract:CD4 interactions with class II major histocompatibility complex (MHC) molecules are essential for CD4+ T cell development, activation, and effector functions. While its association with p56lck (Lck), a Src kinase, is important for these functions CD4 also has an Lck-independent role in TCR signaling that is incompletely understood. Here, we identify a conserved GGxxG motif in the CD4 transmembrane domain that is related to the previously described GxxxG motifs of other proteins and predicted to form a flat glycine patch in a transmembrane helix. In other proteins, these patches have been reported to mediate dimerization of transmembrane domains. Here we show that introducing bulky side-chains into this patch (GGxxG to GVxxL) impairs the Lck-independent role of CD4 in T cell activation upon TCR engagement of agonist and weak agonist stimulation. However, using Forster’s Resonance Energy Transfer (FRET), we saw no evidence that these mutations decreased CD4 dimerization either in the unliganded state or upon engagement of pMHC concomitantly with the TCR. This suggests that the CD4 transmembrane domain is either mediating interactions with an unidentified partner, or mediating some other function such as membrane domain localization that is important for its role in T cell activation.

Nico Roos

2024-11-15

Abstract:In many situations humans have to reason with inconsistent knowledge. These inconsistencies may occur due to not fully reliable sources of information. In order to reason with inconsistent knowledge, it is not possible to view a set of premisses as absolute truths as is done in predicate logic. Viewing the set of premisses as a set of assumptions, however, it is possible to deduce useful conclusions from an inconsistent set of premisses. In this paper a logic for reasoning with inconsistent knowledge is described. This logic is a generalization of the work of N. Rescher [15]. In the logic a reliability relation is used to choose between incompatible assumptions. These choices are only made when a contradiction is derived. As long as no contradiction is derived, the knowledge is assumed to be consistent. This makes it possible to define an argumentation-based deduction process for the logic. For the logic a semantics based on the ideas of Y. Shoham [22, 23], is defined. It turns out that the semantics for the logic is a preferential semantics according to the definition S. Kraus, D. Lehmann and M. Magidor [12]. Therefore the logic is a logic of system P and possesses all the properties of an ideal non-monotonic logic.

Artificial Intelligence

Xiaowang Zhang,Zuoquan Lin

DOI: https://doi.org/10.1007/s10844-012-0230-7

2012-01-01

Journal of Intelligent Information Systems

Abstract:This paper presents an argumentation framework for reasoning and management in (inconsistent or incoherent) description logic ontologies which contain conflicts. First, a new argumentation framework obtained by combining Besnard and Hunter's framework with binary argumentation is introduced to frame the inner relation over axioms in an ontology. A dialogue mechanism, based on this framework, is then presented to derive meaningful consequences from inconsistent ontologies. Three novel operators are developed to repair those axioms or assertions which cause inconsistency or incoherency of ontologies by using this framework. Within this framework, an inconsistency is neither directly assigned a contradictory value nor roughly removed but further analyzed and evaluated. Because of this, reasoning within it satisfies some important logical properties such as consistency-preserving and justifiability. Moreover, it provides an alternative scenario for maintaining consistency and coherency of ontologies with giving consideration to both semantics and syntax. Thus the repaired results by using the proposed framework not only keep the closer semantics but also preserve the syntactic structure of original ontologies.

Yue Ma,Pascal Hitzler,Zuoquan Lin

2008-01-01

Abstract:In an open, constantly changing and collaborative environment like the forthcoming Semantic Web, it is reasonable to expect that knowledge sources will contain noise and inaccuracies. Practical reasoning techniques for ontologies therefore will have to be tolerant to this kind of data, including the ability to handle inconsistencies in a meaningful way and to measure inconsistency degree of an inconsistent knowledge base. For this purpose, we employ paraconsistent semantics based on four-valued logic, which is a classical method for dealing with inconsistencies in knowledge bases. Its transfer to OWL DL has the following advantages: 1) It can be implemented by invoking classical reasoners and keeps the same complexity as classical inference. This is innovative with respect to other inconsistency handling approaches which get much higher complexity than classical inference. 2) It works well on kinds of description logics, such as basic ALC, on more expressive description logic SHIQ, and on tractable description logics including EL++, DL-Lite, and Horn-DLs. 3) It provides us with a direct way to define a syntax-independent measurement of inconsistency degree which provides context information for facilitating inconsistency handling.

Jason Crampton,James Sellwood

DOI: https://doi.org/10.48550/arXiv.1406.4988

2014-06-19

Cryptography and Security

Abstract:Traditional authorization policies are user-centric, in the sense that authorization is defined, ultimately, in terms of user identities. We believe that this user-centric approach is inappropriate for many applications, and that what should determine authorization is the relationships that exist between entities in the system. While recent research has considered the possibility of specifying authorization policies based on the relationships that exist between peers in social networks, we are not aware of the application of these ideas to general computing systems. We develop a formal access control model that makes use of ideas from relationship-based access control and a two-stage method for evaluating policies. Our policies are defined using path conditions, which are similar to regular expressions. We define semantics for path conditions, which we use to develop a rigorous method for evaluating policies. We describe the algorithm required to evaluate policies and establish its complexity. Finally, we illustrate the advantages of our model using an example and describe a preliminary implementation of our algorithm.

Mingjie Yu,Fenghua Li,Nenghai Yu,Xiao Wang,Yunchuan Guo

DOI: https://doi.org/10.1016/j.dcan.2022.09.002

IF: 6.348

2022-10-01

Digital Communications and Networks

Abstract:Policy conflicts may cause substantial economic losses. Although a large amount of effort has been spent on detecting intra-domain policy conflict, it can not detect conflicts of heterogeneous policies. In this paper, considering background knowledge, we propose a conflict detection mechanism to search and locate conflicts of heterogeneous policies. First, we propose a general access control model to describe authorization mechanisms of cloud service and a translation scheme designed to translate a cloud service policy to an Extensible Access Control Markup Language (XACML) policy. Then the scheme based on Multi-terminal Multi-data-type Interval Decision Diagram (MTMIDD) and Extended MTMIDD (X-MTMIDD) is designed to represent XACML policy and search the conflict among heterogeneous policies. To reduce the rate of false positives, the description logic is used to represent XACML policy and eliminate false conflicts. Experimental results show the efficiency of our scheme.

telecommunications

Jason Crampton,James Sellwood

DOI: https://doi.org/10.48550/arXiv.1505.07945

2015-09-19

Abstract:Recent work on relationship-based access control has begun to show how it can be applied to general computing systems, as opposed to simply being employed for social networking applications. The use of relationships to determine authorization policies enables more powerful policies to be defined than those based solely on the commonly used concept of role membership. The relationships, paths and principal matching (RPPM) model described here is a formal access control model using relationships and a two-stage request evaluation process. We make use of path conditions, which are similar to regular expressions, to define policies. We then employ non-deterministic finite automata to determine which policies are applicable to a request. The power and robustness of the RPPM model allows us to include contextual information in the authorization process (through the inclusion of logical entities) and allows us to support desirable policy foundations such as separation of duty and Chinese Wall. Additionally, the RPPM model naturally supports a caching mechanism which has significant impact on request evaluation performance.

Cryptography and Security

Xiaowang Zhang,Zuoquan Lin

DOI: https://doi.org/10.1007/978-3-540-88737-9_18

2008-01-01

Abstract:Description logics are a family of knowledge representation formalism which descended from semantic networks. During the past decade, the important reasoning problems such as satisfiability and subsumption have been handled by tableau-like algorithms. Description logics are practical monotonic logics which, though imparting strong and conclusive reasoning mechanisms, lack the flexibility of non-monotonic reasoning mechanisms. In recent years, the study of inconsistency handling in description logics becomes more and more important. Some technologies are being applied to handle inconsistency in description logic. Quasi-classical logic, which allows the derivation of nontrivial classical inferences from inconsistent information, supports many important proof rules such as modus tollens, modus ponens, and disjunctive syllogism. In this paper, we consider the characters of ALC with Quasi-classical semantics and develop a sound and complete tableau algorithm for paraconsistent reasoning in ALC.

Hua Wang,Jing Ying

DOI: https://doi.org/10.1109/icmlc.2007.4370543

2007-01-01

Abstract:A recent approach to monitor and adapt system behavior at runtime is to decouple one or more external modules and self-adaptive mechanism from the target system. An important challenge arises when more than one such self-adaptive module is employed: how can we ensure that they cooperate without conflicts in a coherent fashion? This paper describes our initial approach for harmonizing conflicting policies in the presence of multiple self-adaptive modules. The main distribution of the paper is to resolve conflicts using an extended ECA rule paradigm to coordinate self-adaptive actions among multiple external modules. The approach shares advantages with other policy languages, i.e., the declarative and domain-independent semantics of policy rules. However, a key benefit of our approach is that both conflicting actions and influence of actions are considered. We focus on the problem of harmonizing self-adaptation capability by detecting and further resolving policy conflicts using action-level meta rule and value-level meta rule. Finally, this paper illustrates the efficiency of the approach in a VOD system as a case study, and discusses our future plans.

Ziyi Su,Frederique Biennier

DOI: https://doi.org/10.48550/arXiv.1305.1727

2013-05-08

Cryptography and Security

Abstract:In an open information systems paradigm, real-time context-awareness is vital for the success of cooperation, therefore dynamic security attributes of partners should considered in coalition for avoiding security conflicts. Furthermore, the cross-boundary asset sharing activities and risks associated to loss of governance call for a continuous regulation of partners' behavior, paying attention to the resource sharing and consuming activities. This paper describes an attribute-based usage control policy shceme compline to this needs. A concise syntax with EBNF is used to summarize the base policy model. The semantics of negotiation process is disambiguated with abductive constraint logic programming (ACLP) and Event Calculus (EC). Then we propose a policy ratification method based on a policy aggregation algebra that elaborate the request space and policy rule relation. This method ensures that, when policies are aggregated due to resource sharing and merging activities, the resulting policy correctly interprets the original security goals of the providers' policies.

Nguyen Minh Hoang,Ha Xuan Son

DOI: https://doi.org/10.1145/3309074.3309097

2019-01-01

Abstract:Access control is a security technique that specifies access rights to resources in a cloud computing environment. As information in cloud systems nowadays become more complex, it plays an important role in authenticating and authorizing users and preventing an attacker from targeting sensitive information. However, in recent years, with the popularity of the Internet as social network, IoTs which deploy in cloud platforms for sharing data in real-time, more and more challenges have been exposed. For example, the access control mechanism must be able to guarantee fine-grained access control, privacy protection, conflicts and redundancies handle between rules of the same policy or between different policies. In this paper, we proposed an access control model based on attribute that incorporates a policy model based on the combining algorithm and prioritization of functions to resolve conflicts at a fine-grained level called "Dynamic model for fine-grained policy conflict resolution". Experiments are carried out to illustrate the relationship between the processing time for the traditional approach (single policy, multi-policy without priority) and our approach (multi-policy with priority). Experimental results show that the evaluation performance satisfies the privacy requirements defined by the user.