What can machines know?: On the properties of knowledge in distributed systems
Journal of the ACM (JACM)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Reasoning about knowledge
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Modal logic
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Distributed credential chain discovery in trust management
Journal of Computer Security
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Belief, information acquisition, and trust in multi-agent systems: a modal logic formulation
Artificial Intelligence
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Provenance-Aware Tracing ofWorm Break-in and Contaminations: A Process Coloring Approach
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Alpaca: extensible authorization for distributed services
Proceedings of the 14th ACM conference on Computer and communications security
Provenance and scientific workflows: challenges and opportunities
Proceedings of the 2008 ACM SIGMOD international conference on Management of data
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Trojan horse resistant discretionary access control
Proceedings of the 14th ACM symposium on Access control models and technologies
A modal deconstruction of access control logics
FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
Efficient proving for practical distributed access-control systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Tracking and constraining authorization provenance
IEA/AIE'12 Proceedings of the 25th international conference on Industrial Engineering and Other Applications of Applied Intelligent Systems: advanced research in applied artificial intelligence
Hi-index | 0.00 |
In distributed environments, statements from a number of principals, besides the central trusted party, may influence the derivations of authorization decisions. However, existing authorization logics put few emphasis on this set of principals - authorization provenance. Reasoning about provenance enables to (1) defend against a class of attacks, (2) understand and analyze authorizations and the status of policy bases, and (3) obtain potentially efficient logging and auditing guided by provenance information. This paper presents the design and applications of a provenance-enabled authorization logic, called DBT. More specifically, we give a sound and complete axiomatic system of DBT. We also examine a class of provenance-aware policy bases and queries. One can syntactically extract provenance information from the structure of these queries if they are evaluated positively in provenance-aware policy bases. Finally, two case studies are presented to demonstrate possible applications of DBT.