
A Logic for Authorization Provenance

  • Conference: The 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010)
  • Location: Beijing, China
  • Date: April 2010
  • Pages: 238-249

In distributed environments, statements from a number of principals, besides the central trusted party, may influence the derivations of authorization decisions. However, existing authorization logics put little emphasis on this set of principals - authorization provenance. Reasoning about provenance enables one to (1) defend against a class of attacks, (2) understand and analyze authorizations and the status of policy bases, and (3) obtain potentially efficient logging and auditing guided by provenance information. This paper presents the design and applications of a provenance-enabled authorization logic, called DBT. More specifically, we give a sound and complete axiomatic system of DBT. We also examine a class of provenance-aware policy bases and queries. One can syntactically extract provenance information from the structure of these queries if they are evaluated positively in provenance-aware policy bases. Finally, two case studies are presented to demonstrate possible applications of DBT.

  • Authorization Provenance; Authorization Logic