CCS
2010
ACM

A logic for authorization provenance

In distributed environments, statements from a number of principals, besides the central trusted party, may influence the derivations of authorization decisions. However, existing authorization logics place little emphasis on this set of principals, the authorization provenance. Reasoning about provenance enables one to (1) defend against a class of attacks, (2) understand and analyze authorizations and the status of policy bases, and (3) obtain potentially efficient logging and auditing guided by provenance information. This paper presents the design and applications of a provenance-enabled authorization logic, called DBT. More specifically, we give a sound and complete axiomatic system of DBT. We also examine a class of provenance-aware policy bases and queries. One can syntactically extract provenance information from the structure of these queries if they are evaluated positively in provenance-aware policy bases. Finally, two case studies are presented to demonstrate possible applications ...
Jinwei Hu, Yan Zhang, Ruixuan Li, Zhengding Lu
Added: 18 May 2010
Updated: 18 May 2010
Type: Conference
Year: 2010
Where: CCS
Authors: Jinwei Hu, Yan Zhang, Ruixuan Li, Zhengding Lu