A distributed proof system is an effective way to derive useful information by combining data from knowledge bases managed by multiple principals across different administrative domains. As such, many researchers have proposed using these types of systems as a foundation for distributed authorization and trust management in decentralized systems. However, to account for the potentially sensitive nature of the underlying information, it is important that such proof systems be able to protect the confidentiality of the logical facts and statements. In this paper, we explore the design space of sound and safe confidentiality-preserving distributed proof systems. Specifically, we develop a framework for analyzing the theoretical best-case proving power of these types of systems by studying confidentiality-preserving proof theories for Datalog-like languages within the context of a trusted third party evaluation model. We then develop a notion of safety based on the concept of non-deducibility and analyze the safety of several confidentiality-enforcing proof theories from the literature. The results in this paper show that the types of discretionary access control (DAC) enforced by most systems on a principal-to-principal basis are indeed safe, but lack proving power when compared to other systems. Specifically, we show that a version of the Minami-Kotz (MK) proof system can prove more facts than the simple DAC system while retaining the safety property of the simple system. We further show that a seemingly useful modification of the MK system to support commutative encryption breaks the safety of the system without violating soundness.