PolicyUpdater
PolicyUpdater is a logic-based authorisation system that provides a dynamic access control mechanism for conditional policy updating as well as query evaluation. The system uses a first-order authorisation language, Language L, to represent the policy base. Query evaluation works by translating Language L into a Normal Logic Program, which is suitable for evaluation using the Stable Model Semantics. Queries can then be tested against the resulting stable models.
PolicyUpdater uses Smodels, an application and library package that computes the stable models of Normal Logic Programs. PolicyUpdater is written in C++, with a wrapper library for C applications. The core system is a library (libvlad) designed to provide a mechanism for defining, updating and querying the policy base. Included in the package is the vlad application, which features a parser for translating Language L into a Normal Logic Program.
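The evaluation step described above, as an added example that is not PolicyUpdater's code and does not use Language L syntax: a ground normal logic program is checked against its stable models, with a brute-force Gelfond-Lifschitz test standing in for Smodels. The atom names, the policy itself and the three-valued answer returned by `query` are assumptions made for illustration.

```python
from itertools import chain, combinations

# A ground normal logic program: (head, positive body, negative body).
# Constructed policy (illustrative atom names, not Language L syntax):
# staff may read file f unless a revocation holds for them.
POLICY = [
    ("staff(alice)", [], []),
    ("staff(bob)", [], []),
    ("revoked(bob)", [], []),
    ("holds(alice,read,f)", ["staff(alice)"], ["revoked(alice)"]),
    ("holds(bob,read,f)", ["staff(bob)"], ["revoked(bob)"]),
]

def least_model(definite_rules):
    """Least model of a negation-free program, by fixpoint iteration."""
    model, changed = set(), True
    while changed:
        changed = False
        for head, pos in definite_rules:
            if head not in model and all(p in model for p in pos):
                model.add(head)
                changed = True
    return model

def is_stable(program, candidate):
    """Gelfond-Lifschitz test: candidate equals the least model of its reduct."""
    # Reduct: drop rules blocked by the candidate, strip remaining negation.
    reduct = [(h, pos) for h, pos, neg in program
              if not any(n in candidate for n in neg)]
    return least_model(reduct) == candidate

def stable_models(program):
    """Try every subset of head atoms and keep the stable ones."""
    heads = sorted({h for h, _, _ in program})
    subsets = chain.from_iterable(
        combinations(heads, k) for k in range(len(heads) + 1))
    return [set(s) for s in subsets if is_stable(program, set(s))]

def query(program, atom):
    """True if atom is in every stable model, False if in none, else None."""
    models = stable_models(program)
    hits = sum(atom in m for m in models)
    if not models or 0 < hits < len(models):
        return None  # no stable model, or the models disagree
    return hits == len(models)
```

Appending the fact `("revoked(alice)", [], [])` to `POLICY` changes the answer for `holds(alice,read,f)` from `True` to `False`, which is the non-monotonic behaviour a policy update relies on.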
The mod_vlad module is an application of PolicyUpdater implemented as an external module for the Apache web server. The mod_vlad module provides a logic-based authorisation system as an alternative to the access control system provided by Apache's internal mod_access module.
PolicyUpdater 2 is an extension with support for authorisations with temporal attributes. The corresponding extended language, Language LT, allows expression of temporal constraints within authorisation rules by the integration of the well-known temporal interval algebra. PolicyUpdater 2 makes use of the Tribe temporal reasoner library to evaluate relations between the temporal intervals.
Publications
Please note that the copyright for the following papers may belong to the publisher of the publication. Further note that these papers may not exactly correspond to their respective referenced versions.
- V. F. Crescini, Implementation of a Logic-Based Access Control System with Dynamic Policy Updates and Temporal Constraints. PhD Thesis, University of Western Sydney, 2006.
- V. F. Crescini, Y. Zhang, PolicyUpdater: A System for Dynamic Access Control. International Journal of Information Security, Vol. 5, No. 3, pp. 145-156, 2006.
- V. F. Crescini, Y. Zhang, A Logic Based Approach for Dynamic Access Control. Proceedings of the 17th Australian Joint Conference on Artificial Intelligence (AI 2004) LNCS/LNAI, Vol. 3339, pp. 623-635, Springer-Verlag, 2004.
- V. F. Crescini, Y. Zhang, W. Wang, Web Server Authorisation with the PolicyUpdater Access Control System. Proceedings of the IADIS International Conference (WWW/Internet 2004), Vol. 2, pp. 945-948, IADIS Press, 2004.
Source Code
All source code available for download from this page is released under the terms of the GNU General Public License (GPL). Copyright is retained by the University of Western Sydney.
Link to GitHub project page: https://github.com/vfcrescini/vlad.
- vlad 2.0.1 Latest stable version with support for temporal constraints
- vlad 1.4.3 Stable version with full variable grounding support
- vlad 1.2.5 Old stable version with the same functionality as vlad 1.0.x series, but with clean ups and optimisations
- vlad 1.0.5 Old version that works with mod_vlad
- mod_vlad 0.3.5 Experimental Apache module. Will only work with vlad 1.0.x series. Tested with Apache 2.0.45