Conference Topic

A Logic for Authorization Provenance

In distributed environments, statements from a number of principals, besides the central trusted party, may influence the derivations of authorization decisions. However, existing authorization logics put little emphasis on this set of principals - authorization provenance. Reasoning about provenance enables one to (1) defend against a class of attacks, (2) understand and analyze authorizations and the status of policy bases, and (3) obtain potentially efficient logging and auditing guided by provenance information. This paper presents the design and applications of a provenance-enabled authorization logic, called DBT. More specifically, we give a sound and complete axiomatic system of DBT. We also examine a class of provenance-aware policy bases and queries. One can syntactically extract provenance information from the structure of these queries if they are evaluated positively in provenance-aware policy bases. Finally, two case studies are presented to demonstrate possible applications of DBT.

Authorization Provenance Authorization Logic

Jinwei Hu, Yan Zhang, Ruixuan Li, Zhengding Lu

Intelligent and Distributing Computing Laboratory, College of Computer Science and Technology Huazho Intelligent Systems Laboratory, School of Computing and Mathematics University of Western Sydney, Sy Intelligent and Distributing Computing Laboratory, College of Computer Science and Technology Huazho

International conference

5th International Symposium on ACM Symposium on Information, Computer and Communications Security (ACM International Conference on Information, Computer and Communications Security, ASIACCS 2010)

Beijing

English

238-249

2010-04-13 (date first made available online on the Wanfang platform; does not represent the paper's publication date)