{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,28]],"date-time":"2025-10-28T00:27:12Z","timestamp":1761611232039,"version":"3.41.0"},"reference-count":60,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2008,10,1]],"date-time":"2008-10-01T00:00:00Z","timestamp":1222819200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,10]]},"abstract":"<jats:p>Despite their widespread adoption, Role-based Access Control (RBAC) models exhibit certain shortcomings that make them less than ideal for deployment in, for example, distributed access control. In the distributed case, standard RBAC assumptions (e.g., of relatively static access policies, managed by human users, with complete information available about users and job functions) do not necessarily apply. Moreover, RBAC is restricted in the sense that it is based on one type of ascribed status, an assignment of a user to a role. In this article, we introduce the status-based access control (SBAC) model for distributed access control. The SBAC model (or family of models) is based on the notion of users having an action status as well as an ascribed status. A user's action status is established, in part, from a history of events that relate to the user; this history enables changing access policy requirements to be naturally accommodated. The approach can be implemented as an autonomous agent that reasons about the events, actions, and a history (of events and actions), which relates to a requester for access to resources, in order to decide whether the requester is permitted the access sought. 
We define a number of algebras for composing SBAC policies, algebras that exploit the language that we introduce for SBAC policy representation: identification-based logic programs. The SBAC model is richer than RBAC models and the policies that can be represented in our approach are more expressive than the policies admitted by a number of monotonic languages that have been hitherto described for representing distributed access control requirements. Our algebras generalize existing algebras that have been defined for access policy composition. We also describe an approach for the efficient implementation of SBAC policies.<\/jats:p>","DOI":"10.1145\/1410234.1410235","type":"journal-article","created":{"date-parts":[[2008,11,6]],"date-time":"2008-11-06T13:49:43Z","timestamp":1225979383000},"page":"1-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Status-Based Access Control"],"prefix":"10.1145","volume":"12","author":[{"given":"Steve","family":"Barker","sequence":"first","affiliation":[{"name":"King's College London"}]},{"given":"Marek J.","family":"Sergot","sequence":"additional","affiliation":[{"name":"Imperial College London"}]},{"given":"Duminda","family":"Wijesekera","sequence":"additional","affiliation":[{"name":"George Mason University"}]}],"member":"320","published-online":{"date-parts":[[2008,10]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/155183.155225"},{"volume-title":"A Semantic Web Primer","author":"Antoniou G.","key":"e_1_2_1_2_1","unstructured":"Antoniou , G. and van Harmelen , F. 2004. A Semantic Web Primer . MIT Press . Antoniou, G. and van Harmelen, F. 2004. A Semantic Web Primer. MIT Press."},{"volume-title":"From Logic Programming to Prolog","author":"Apt K.","key":"e_1_2_1_3_1","unstructured":"Apt , K. 1997. From Logic Programming to Prolog . Prentice Hall . Apt, K. 1997. From Logic Programming to Prolog. 
Prentice Hall."},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Apt K. and Bezem M. 1991. Acyclic programs. New Generation Comput. 9 3\/4 335--364.  Apt K. and Bezem M. 1991. Acyclic programs. New Generation Comput. 9 3\/4 335--364.","DOI":"10.1007\/BF03037168"},{"key":"e_1_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Apt K. R. and Blair H. 1990. Arithmetic classification of perfect models of stratified programs. XIII 1--17.   Apt K. R. and Blair H. 1990. Arithmetic classification of perfect models of stratified programs. XIII 1--17.","DOI":"10.3233\/FI-1990-13103"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581276"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/0743-1066(94)90025-6"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1014007.1014026"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10990-008-9030-8"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/950191.950194"},{"volume-title":"Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'04)","author":"Becker M.","key":"e_1_2_1_11_1","unstructured":"Becker , M. and Sewell , P . 2004. Cassandra: Distributed access control policies with tunable expressiveness . In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'04) , 159--168. Becker, M. and Sewell, P. 2004. Cassandra: Distributed access control policies with tunable expressiveness. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'04), 159--168."},{"key":"e_1_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Bell D. E. and LaPadula L. J. 1976. Secure computer system: Unified exposition and multics interpretation. MITRE-2997.  Bell D. E. and LaPadula L. J. 1976. Secure computer system: Unified exposition and multics interpretation. 
MITRE-2997 .","DOI":"10.21236\/ADA023588"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/293910.293151"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/344287.344298"},{"key":"e_1_2_1_15_1","unstructured":"Bertino E. Catania B. and Zarri G. 2001. Intelligent Database Systems. Addison Wesley.   Bertino E. Catania B. and Zarri G. 2001. Intelligent Database Systems . Addison Wesley."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2006.871796"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/504909.504910"},{"volume-title":"IEEE Symposium on Security and Privacy (SP'89)","author":"Brewer D. F. C.","key":"e_1_2_1_18_1","unstructured":"Brewer , D. F. C. and Nash , M. J . 1989. The Chinese Wall security policy . In IEEE Symposium on Security and Privacy (SP'89) , 206--214. Brewer, D. F. C. and Nash, M. J. 1989. The Chinese Wall security policy. In IEEE Symposium on Security and Privacy (SP'89), 206--214."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/227595.227597"},{"key":"e_1_2_1_20_1","unstructured":"Ciao 2004. The Ciao Prolog System.  Ciao 2004. The Ciao Prolog System ."},{"key":"e_1_2_1_21_1","first-page":"293","volume-title":"Logic and Databases","author":"Clark K.","unstructured":"Clark , K. 1978. Negation as failure . In H. Gallaire and J. Minker (Eds.), Logic and Databases , pp. 293 -- 322 . Plenum . Clark, K. 1978. Negation as failure. In H. Gallaire and J. Minker (Eds.), Logic and Databases, pp. 293--322. Plenum."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/512756.512758"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/249978.249980"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the 1st International Workshop on Security and Trust Management (STM'05)","author":"Czenko M.","year":"2005","unstructured":"Czenko , M. , Tran , H. , Doumen , J. , Etalle , S. , Hartel , S. , and den Hartog , J. 2005 . 
Nonmonotonic Trust Management for P2P applications . In Proceedings of the 1st International Workshop on Security and Trust Management (STM'05) , 101--116. Czenko, M., Tran, H., Doumen, J., Etalle, S., Hartel, S., and den Hartog, J. 2005. Nonmonotonic Trust Management for P2P applications. In Proceedings of the 1st International Workshop on Security and Trust Management (STM'05), 101--116."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2003.1209003"},{"key":"e_1_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Damianou N. Dulay N. Lupu E. and Sloman M. 2001. The Ponder Policy Specification Language. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'01) Volume 1995 of LNCS 18--38. Springer.   Damianou N. Dulay N. Lupu E. and Sloman M. 2001. The Ponder Policy Specification Language. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'01) Volume 1995 of LNCS 18--38. Springer.","DOI":"10.1007\/3-540-44569-2_2"},{"volume-title":"Essays on Actions and Events","author":"Davidson D.","key":"e_1_2_1_27_1","unstructured":"Davidson , D. 2001. Essays on Actions and Events . Oxford University Press . Davidson, D. 2001. Essays on Actions and Events. Oxford University Press."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830540"},{"volume-title":"Proceedings of the IFIP Conference on Intelligence in Communication Systems (INTELLCOMM'04)","author":"Dung P. M.","key":"e_1_2_1_29_1","unstructured":"Dung , P. M. and Thang , P. M . 2004. Trust negotiation with nonmonotonic access policies . In Proceedings of the IFIP Conference on Intelligence in Communication Systems (INTELLCOMM'04) , 70--84. Dung, P. M. and Thang, P. M. 2004. Trust negotiation with nonmonotonic access policies. 
In Proceedings of the IFIP Conference on Intelligence in Communication Systems (INTELLCOMM'04), 70--84."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(95)00148-4"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_2_1_32_1","volume-title":"12th International Conference on Multi-Valued Logics, 238--246","author":"Fitting M. C.","year":"1990","unstructured":"Fitting , M. C. 1990 . Bilattices in logic programming. In G. Epstein (Ed.) , 12th International Conference on Multi-Valued Logics, 238--246 . Fitting, M. C. 1990. Bilattices in logic programming. In G. Epstein (Ed.), 12th International Conference on Multi-Valued Logics, 238--246."},{"volume-title":"Bi-lattices are nice things","author":"Fitting M. C.","key":"e_1_2_1_33_1","unstructured":"Fitting , M. C. 2006. Bi-lattices are nice things , Chapter self-reference. University of Chicago Press . Fitting, M. C. 2006. Bi-lattices are nice things, Chapter self-reference. University of Chicago Press."},{"volume-title":"R. Kowalski and K. Bowen (Eds.) In Proceedings of the 5th International Conference and Symposium on Logic Programming (JICSLP'88)","author":"Gelfond M.","key":"e_1_2_1_34_1","unstructured":"Gelfond , M. and Lifschitz , V . 1988. The stable model semantics for logic programming . In R. Kowalski and K. Bowen (Eds.) In Proceedings of the 5th International Conference and Symposium on Logic Programming (JICSLP'88) , MIT Press. 1070--1080. Gelfond, M. and Lifschitz, V. 1988. The stable model semantics for logic programming. In R. Kowalski and K. Bowen (Eds.) In Proceedings of the 5th International Conference and Symposium on Logic Programming (JICSLP'88), MIT Press. 1070--1080."},{"key":"e_1_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Ginseberg M. L. 1988. Multi-valued logics. Comput. Intell. 265--316.  Ginseberg M. L. 1988. Multi-valued logics. Comput. Intell. 
265--316.","DOI":"10.1111\/j.1467-8640.1988.tb00280.x"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP'00)","author":"Herzberg A.","key":"e_1_2_1_36_1","unstructured":"Herzberg , A. , Mass , Y. , Mihaeli , J. , Naor , D. , and Ravid , Y . 2000. Access control meets public key infrastructure, or: Assigning roles to strangers . In Proceedings of the IEEE Symposium on Security and Privacy (SP'00) , 2--14. Herzberg, A., Mass, Y., Mihaeli, J., Naor, D., and Ravid, Y. 2000. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the IEEE Symposium on Security and Privacy (SP'00), 2--14."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/11552222_4"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/383891.383894"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/882495.884431"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.1"},{"volume-title":"Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'03)","author":"Kagal L.","key":"e_1_2_1_41_1","unstructured":"Kagal , L. , Finin , T. , and Johshi , A . 2003. A policy language for pervasive computing environment . In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'03) , 63--78. Kagal, L., Finin, T., and Johshi, A. 2003. A policy language for pervasive computing environment. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY'03), 63--78."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF03037383"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605438"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP'02)","author":"Li N.","key":"e_1_2_1_44_1","unstructured":"Li , N. , Mitchell , J. C. , and Winsborough , W. H . 2002. 
Design of a role-based trust-management framework . In Proceedings of the IEEE Symposium on Security and Privacy (SP'02) , 114--130. Li, N., Mitchell, J. C., and Winsborough, W. H. 2002. Design of a role-based trust-management framework. In Proceedings of the IEEE Symposium on Security and Privacy (SP'02), 114--130."},{"volume-title":"Foundations of Logic Programming","author":"Lloyd J.","key":"e_1_2_1_45_1","unstructured":"Lloyd , J. 1987. Foundations of Logic Programming . Springer-Verlag . Lloyd, J. 1987. Foundations of Logic Programming. Springer-Verlag."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(93)90013-J"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/s000120050149"},{"key":"e_1_2_1_48_1","unstructured":"OASIS 2003. eXtensible Access Control Markup language (XACML). Retrieved from http:\/\/www.oasis-open.org\/xacml\/docs\/.  OASIS 2003. eXtensible Access Control Markup language (XACML). Retrieved from http:\/\/www.oasis-open.org\/xacml\/docs\/."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/984334.984339"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1023\/B:ELEC.0000009279.89570.27"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/11429760_6"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"volume-title":"Proceedings of the Second International Logic Programming Conference (ICLP'84)","author":"Tamaki H.","key":"e_1_2_1_53_1","unstructured":"Tamaki , H. and Sato , T . 1984. Unfold\/fold transformation of logic programs . In Proceedings of the Second International Logic Programming Conference (ICLP'84) , 127--138. Tamaki, H. and Sato, T. 1984. Unfold\/fold transformation of logic programs. 
In Proceedings of the Second International Logic Programming Conference (ICLP'84), 127--138."},{"key":"e_1_2_1_54_1","first-page":"16","volume-title":"Proceedings of the 2nd International Workshop on Trust Management (iTrust'04)","author":"Uszok A.","unstructured":"Uszok , A. , Bradshaw , M. , and Jeffers , R . 2004. KAoS semantic policy and domain services . In Proceedings of the 2nd International Workshop on Trust Management (iTrust'04) , pp. 16 -- 26 . Uszok, A., Bradshaw, M., and Jeffers, R. 2004. KAoS semantic policy and domain services. In Proceedings of the 2nd International Workshop on Trust Management (iTrust'04), pp. 16--26."},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1016\/0022-0000(93)90024-Q"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029133.1029140"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/501983.501990"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586134"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-1993-22-304"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108906.1108908"}],"container-title":["ACM Transactions on Information and System 
Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1410234.1410235","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1410234.1410235","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:29:36Z","timestamp":1750253376000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1410234.1410235"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,10]]},"references-count":60,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2008,10]]}},"alternative-id":["10.1145\/1410234.1410235"],"URL":"https:\/\/doi.org\/10.1145\/1410234.1410235","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,10]]},"assertion":[{"value":"2004-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}