An ASP Framework for the Refinement of Authorization and Obligation Policies
This work addresses policy refinement for authors in security and compliance domains, but it appears incremental as it builds on existing AOPL language and Answer Set Programming methods.
The paper tackles the problem of refining authorization and obligation policies by introducing an Answer Set Programming framework that detects inconsistencies, underspecifications, and ambiguities in policies encoded in AOPL, with a focus on issues like requiring unauthorized actions.
This paper introduces a framework for assisting policy authors in refining and improving their policies. In particular, we focus on authorization and obligation policies that can be encoded in Gelfond and Lobo's AOPL language for policy specification. We propose a framework that detects the statements that make a policy inconsistent, underspecified, or ambiguous with respect to an action being executed in a given state. We also give attention to issues that arise at the intersection of authorization and obligation policies, for instance when the policy requires an unauthorized action to be executed. The framework is encoded in Answer Set Programming. Under consideration for acceptance in TPLP.