Abstract: Security policy is the key of access control, and the description, authentication and execution of policy can not be realized without authorization language. In practice, the existing authorization languages are not well adapted to the complex and dynamic nature of security requirements and can not provide enough support for access control model. This paper proposed a logical authorization language based on attribute and subject operation-object stratification(SOCKSAL). Based on first order logic,SOOSAL describes the subject,operation,and object by predication, and the relationship of these by rules. In addition, policy was classified into closed world policy and open world policy from the logic point of view of the world and a simple solution was given under security discussion of the two types of policies. Our experimental results show that SOOSAL has a strong descriptive power, and can achieve the policy of dynamic change and support different security requirements and authority principle better.

Key words: Authorization language, Logic, Attribute, Stratification