Design and semantics of a decentralized authorization language

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2007, Pages 3-15

  Becker, Moritz Y ^a   Fournet, Cédric ^a   Gordon, Andrew D ^a  

^a MICROSOFT RESEARCH   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

CONSTRAINT THEORY; DATA REDUCTION; IMAGE RESOLUTION; QUERY LANGUAGES;

DECENTRALIZED AUTHORIZATION LANGUAGE; EXECUTION EFFICIENCY;

SEMANTICS;

EID: 35048879241     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2007.18     Document Type: Conference Paper

References (50)

1. M. Abadi. On SDSI's linked local name spaces. Journal of Computer Security, 6(1-2):3-22, 1998.
2. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706-734, 1993.
3. S. Abiteboul, R. Hull, and V. Vianu. Foundations of Databases. Addison-Wesley, 1995.
4. O. Bandmann, B. S. Firozabadi, and M. Dam. Constrained delegation. In IEEE Symposium on Security and Privacy, pages 131-140, 2002.
5. S. Barker and P. J. Stuckey. Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secur., 6(4):501-546, 2003.
6. M. Y. Becker. Cassandra: Flexible trust management and its application to electronic health records (Ph.D. thesis). Technical Report UCAM-CL-TR-648, University of Cambridge, Computer Laboratory, 2005. See http://www.cl.cam.ac.uk/ TechReports/UCAM-CL-TR-648.html.
7. M. Y. Becker, C. Fournet, and A. D. Gordon. Sec-PAL: Design and semantics of a decentralized authorization language. Technical report, Microsoft Research, 2006.research.microsoft.com/research/pubs/view.aspx?tr_id=1166.
8. M. Y. Becker and S. Nanz. A logic for state-modifying authorization policies. Technical Report MSR-TR-2007-32, Microsoft Research, 2007. research.microsoft.com/research/pubs/view.aspx?tr_id=1274.
9. M. Y Becker and P. Sewell. Cassandra: distributed access control policies with tunable expressiveness. In IEEE 5th International Workshop on Policies for Distributed Systems and Networks, pages 159-168, 2004.
10. M. Y. Becker and P. Sewell. Cassandra: Flexible trust management, applied to electronic health records. In IEEE Computer Security Foundations Workshop, pages 139-154, 2004.
11. D. E. Bell and L. J. LaPadula. Secure computer systems: Unified exposition and Multics interpretation. Technical report, The MITRE Corporation, July 1975.
12. E. Bertino, C. Bettini, E. Ferrari, and P. Samarati. An access control model supporting periodicity constraints and temporal reasoning. ACM Trans. Database Syst., 23(3), 1998.
13. E. Bertino, C. Bettini, and P. Samarati. A temporal authorization model. In CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security, pages 126-135, New York, NY, USA, 1994. ACM Press.
14. E. Bertino, B. Catania, E. Ferrari, and P. Perlasca. A logical framework for reasoning about access control models. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies, pages 41-52, New York, NY, USA, 2001. ACM Press.
15. M. Blaze, J. Feigenbaum, and A. D. Keromytis. The role of trust management in distributed systems security. In Secure Internet Programming, pages 185-210, 1999.
16. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In IEEE Symposium on Security and Privacy, pages 164-173, 1996.
17. S. Ceri, G. Gottlob, and L. Tanca. What you always wanted to know about Datalog (and never dared to ask). IEEE Transactions on Knowledge and Data Engineering, 1(1):146-166, 1989.
18. D. Chadwick. Authorisation in Grid Computing. Information Security Technical Report, 10(1):33-40, 2005.
19. W. Chen and D. S. Warren. Tabled evaluation with delaying for general logic programs. Journal of the ACM, 43(1):20-74, 1996.
20. ContentGuard. eXtensible rights Markup Language (XrML) 2.0 specification part II: core schema, 2001. At www.xrml.org.
21. E. Dantsin, T. Eiter, G. Gottlob, and A. Voronkov. Complexity and expressive power of logic programming. In CCC '97: Proceedings of the 12th Annual IEEE Conference on Computational Complexity, page 82, Washington, DC, USA, 1997. IEEE Computer Society.
22. J. DeTreville. Binder, a logic-based security language. In IEEE Symposium on Security and Privacy, pages 105-113, 2002.
23. S. D. C. di Vimercati, P. Samarati, and S. Jajodia. Policies, models, and languages for access control. In Databases in Networked Information Systems, volume 3433, pages 225-237, 2005.
24. S. W. Dietrich. Extension tables: Memo relations in logic programming. In Symposium on Logic Programming, pages 264-272, 1987.
25. B. Dillaway. A unified approach to trust, delegation, and authorization in large-scale grids. Whitepaper, Microsoft Corporation. See http://research.microsoft.com/projects/SecPAL/, Sept. 2006.
26. C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. SPKI certificate theory, RFC 2693, September 1999. See http://www.ietf.org/rfc/rfc2693.txt.
27. M. Evered and S. Bögeholz. A case study in access control requirements for a health information system. In CRPIT '04: Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation, pages 53-61, 2004.
28. L. Giuri and P. Iglio. Role templates for content-based access control. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), pages 153-159, 1997.
29. J. Y. Halpern and V. Weissman. Using first-order logic to reason about policies. In IEEE Computer Security Foundations Workshop, pages 187-201, 2003.
30. J. Y. Halpern and V. Weissman. A formal foundation for XrML. In CSFW '04: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW'04), page 251, Washington, DC, USA, 2004. IEEE Computer Society.
31. P. Humenn. The formal semantics of XACML (draft). Syracuse University, 2003. At lists.oasis-open.org/archives/xacml/200310/pdf00000.pdf.
32. J. Jaffar and M. J. Maher. Constraint logic programming: a survey. Journal of Logic Programming, 19/20:503-581, 1994.
33. S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214-260, 2001.
34. T. Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106-115, 2001.
35. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: theory and practice. ACM Transactions on Computer Systems, 10(4):265-310, 1992.
36. N. Li, B. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In IEEE Symposium on Security and Privacy, pages 27-42, 2000.
37. N. Li and J. Mitchell. Understanding SPKI/SDSI using first-order logic. In Computer Security Foundations Workshop, 2003.
38. N. Li and J. C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proc. PADL, pages 58-73, 2003.
39. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130, 2002.
40. E. C. Lupu and M. Sloman. Reconciling role-based management and role-based access control. In ACM Workshop on Role-based Access Control, pages 135-141, 1997.
41. OASIS, eXtensible Access Control Markup Language (XACML) Version 2.0 core specification, 2005. At www.oasis-open.org/committees/xacml/.
42. P. Revesz. Introduction to constraint databases. Springer-Verlag New York, Inc., New York, NY, USA, 2002.
43. P. Z. Revesz. Constraint databases: A survey. In Semantics in Databases, volume 1358 of Lecture Notes in Computer Science, pages 209-246. Springer, 1995.
44. R. L. Rivest and B. Lampson. SDSI - A simple distributed security infrastructure, August 1996. See http://theory.lcs.mit.edu/~rivest/sdsi10.ps.
45. H. Tamaki and T. Sato. OLD resolution with tabulation. In Proceedings on Third international conference on logic programming, pages 84-98, New York, NY, USA, 1986. Springer-Verlag New York, Inc.
46. D. Toman. Memoing evaluation for constraint extensions of Datalog. Constraints, 2(3/4):337-359, 1997.
47. J. D. Ullman. Assigning an appropriate meaning to database logic with negation. In H. Yamada, Y. Kambayashi, and S. Ohta, editors, Computers as Our Better Partners, pages 216-225. World Scientific Press, 1994.
48. L. Wang, D. Wijesekera, and S. Jajodia. A logic-based framework for attribute based access control. In FMSE '04: Proceedings of the 2004 ACM workshop on Formal methods in security engineering, pages 45-55, 2004.
49. V. Welch, I. Foster, T. Scavo, F. Siebenlist, and C. Catlett. Scaling TeraGrid access: A roadmap for attribute-based authorization for a large cyberinfrastructure (draft August 24). 2006. http://gridshib.globus.org/docs/tg- paper/TG-Attribute-Authz-Roadmap-draft-aug24.pdf.
50. V. Welch, F. Siebenlist, I. Foster, J. Bresnahan, K. Czajkowski, J. Gawor, C. Kesselman, S. Meder, L. Pearlman, and S. Tuecke. Security for grid services. In HPDC '03: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC'03), page 48, 2003.