This article proposes a systematic study of information flow in credential-based declarative authorization policies. It argues that a treatment in terms of information flow is needed to adequately describe, analyze and mitigate a class of probing attacks that allow an adversary to infer any confidential fact within a policy. Two information flow properties that have been studied in the context of state transition systems, non-interference and opacity, are reformulated in the current context of policy languages. A comparison between these properties reveals that opacity is the more useful and more general of the two; indeed, it is shown that non-interference can be stated in terms of opacity. The article then presents an inference system for non-opacity, or detectability, in Datalog-based policies. Finally, a pragmatic method is presented, based on a mild modification of the mechanics of delegation, for preventing a particularly dangerous kind of probing attack that abuses delegation of authority.