
Applications of logic programming to security in heterogeneous/federated databases

In collaboration with Prof. V. S. Subrahmanian (University of Maryland at College Park) in the framework of the HERMES project, a formal framework for integrating heterogeneous security policies in a mandatory framework has been developed [8]. Two provably correct algorithmic approaches to this problem have been introduced, based on logic programming and graph algorithms, respectively. The computational complexity of various relaxation methods for interoperability constraints has been studied; we have provided algorithms for the tractable cases.
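The check a graph-based merge has to pass can be sketched as follows. This is an added example, not code from the HERMES project or from [8]. The level names, the correctness criterion (the merge must not order two levels of one database that the database itself leaves unordered) and the single-constraint notion of relaxation are assumptions made for illustration.

```python
from itertools import product

def closure(nodes, edges):
    """Reflexive-transitive closure of `edges` over `nodes` (Warshall)."""
    reach = {(n, n) for n in nodes} | set(edges)
    for k, i, j in product(nodes, repeat=3):  # k is the outermost loop
        if (i, k) in reach and (k, j) in reach:
            reach.add((i, j))
    return reach

def merge_violations(local_orders, constraints):
    """local_orders: {db: (levels, edges)}, edge (a, b) meaning a <= b.
    constraints: cross-database pairs (a, b) requiring a <= b in the merge.
    Returns same-database pairs ordered by the merge but not locally."""
    nodes = [lvl for levels, _ in local_orders.values() for lvl in levels]
    merged_edges = set(constraints)
    for _, edges in local_orders.values():
        merged_edges |= set(edges)
    merged = closure(nodes, merged_edges)
    bad = set()
    for levels, edges in local_orders.values():
        local = closure(levels, edges)
        bad |= {(a, b) for a in levels for b in levels
                if (a, b) in merged and (a, b) not in local}
    return bad

def single_relaxations(local_orders, constraints):
    """Constraints whose removal alone yields a violation-free merge."""
    cs = set(constraints)
    return sorted(c for c in cs
                  if not merge_violations(local_orders, cs - {c}))

# Constructed sample: two databases with two levels each.
ORDERS = {
    "A": (["A.public", "A.secret"], [("A.public", "A.secret")]),
    "B": (["B.low", "B.high"], [("B.low", "B.high")]),
}
SAFE = [("A.secret", "B.high"), ("B.low", "A.public")]
# Adding B.high <= A.public closes a cycle through A.secret.
UNSAFE = SAFE + [("B.high", "A.public")]

if __name__ == "__main__":
    print("safe merge violations:  ", merge_violations(ORDERS, SAFE))
    print("unsafe merge violations:", merge_violations(ORDERS, UNSAFE))
    print("single relaxations:     ", single_relaxations(ORDERS, UNSAFE))
```

The cubic closure is only suitable for small orderings; it stands in for, and is not, the provably correct algorithms the paragraph refers to.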

The problem of integrating heterogeneous security specifications in a discretionary, role-based framework is being tackled in collaboration with Prof. Elisa Bertino (University of Milano). The specification model is independent of the database model, and hence it applies to many kinds of heterogeneous databases. Authorizations are periodic; their validity is specified through periodic temporal expressions. Authorizations can be inherited according to role and object hierarchies; this aspect involves subtle technical difficulties, with no counterpart in the literature (we are dealing with non-stratified logic programs, which in general have bad computational properties). Formal methods to merge heterogeneous hierarchies without violating the security of data are being developed.



Matteo Baldoni
Mon Jan 26 18:45:29 MET 1998