Sciweavers

CSFW
2010
IEEE

Constraining Credential Usage in Logic-Based Access Control

14 years 4 months ago
Constraining Credential Usage in Logic-Based Access Control
—Authorization logics allow concise specification of flexible access-control policies, and are the basis for logic-based access-control systems. In such systems, resource owners issue credentials to specify policies, and the consequences of these policies are derived using logical inference rules. Proofs in authorization logics can serve as capabilities for gaining access to resources. Because a proof is derived from a set of credentials possibly issued by different parties, the issuer of a specific credential may not be aware of all the proofs that her credential may make possible. From this credential issuer’s standpoint, the policy expressed in her credential may thus have unexpected consequences. To solve this general problem, we propose a system in which credentials can specify constraints on how they are to be used. We show how to modularly extend wellstudied authorization logics to support the specification and enforcement of such constraints. A novelty of our design is ...
Lujo Bauer, Limin Jia, Divya Sharma
Added 15 Aug 2010
Updated 15 Aug 2010
Type Conference
Year 2010
Where CSFW
Authors Lujo Bauer, Limin Jia, Divya Sharma
Comments (0)