Sciweavers

CSFW
2008
IEEE

A Trust Management Approach for Flexible Policy Management in Security-Typed Languages

14 years 7 months ago
A Trust Management Approach for Flexible Policy Management in Security-Typed Languages
Early work on security-typed languages required that legal information flows be defined statically. More recently, techniques have been introduced that relax these assumptions and allow policies to change at run-time. For example, the Rx language uses a policy language based on RT, a trust management framework for representing authorization policies. While Rx made significant strides toward the goal of allowing policy updates in security-typed languages, in this paper we observe that certain design choices of Rx violate the privacy and autonomy requirements of principals in trust management systems, thus making decentralized control over information difficult. To address these problems, we propose RTI, a new security-typed language. In addition to avoiding prior pitfalls, RTI’s most distinguishing characteristic is that it supports fine-grained specification of security for dynamic policy. We also provide a proof of noninterference for RTI.
Sruthi Bandhakavi, William H. Winsborough, Mariann
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Where CSFW
Authors Sruthi Bandhakavi, William H. Winsborough, Marianne Winslett
Comments (0)