DKAL: Distributed-Knowledge Authorization Language

Gurevich, Yuri; Neeman, Itay

doi:10.1109/csf.2008.8

Cited by 79 publications

(102 citation statements)

References 12 publications

Supporting

Mentioning

102

Contrasting

Order By: Relevance

“…In what follows we focus on one logical construct that has often been used in this context, says (e.g., [2,6,8,12,13,20,22,29,33,43,46,48,54,63]). The formula p says s represents that principal p makes statement s. This statement may simply be a request for an operation.…”

Section: Saying Predicatesmentioning

confidence: 99%

“…Several of these languages rely on concepts and techniques from logic, specifically from logic programming: D1LP [48], SD3 [42], RT [50], Binder [22], Soutei [54],Sec-PAL [13], and DKAL [33]. Other languages such as SDSI [55], SPKI [23], and XrML 2.0 [62] include related ideas though typically with less generality.…”

Section: From Logics To Languagesmentioning

confidence: 99%

“…Languages for access control aim to support the practical expression and the enforcement of policies (e.g., [13,16,17,22,23,33,42,48,50,54,55,61,62]). The languages are general and flexible enough for programming a wide range of policies-for example, in file systems and for digital rights management.…”

Section: From Logics To Languagesmentioning

confidence: 99%

See 2 more Smart Citations

Logic in Access Control (Tutorial Notes)

Abadi

2009

Foundations of Security Analysis and Design V

View full text Add to dashboard Cite

Abstract. Access control is central to security in computer systems. Over the years, there have been many efforts to explain and to improve access control, sometimes with logical ideas and tools. This paper is a partial survey and discussion of the role of logic in access control. It considers logical foundations for access control and their applications, in particular in languages for security policies. It focuses on some specific logics and their properties. It is intended as a written counterpart to a tutorial given at the 2009 International School on Foundations of Security Analysis and Design.

show abstract

Section: Saying Predicatesmentioning

confidence: 99%

Section: From Logics To Languagesmentioning

confidence: 99%

See 1 more Smart Citation

Logic in Access Control (Tutorial Notes)

Abadi

2009

Foundations of Security Analysis and Design V

View full text Add to dashboard Cite

show abstract

“…While subterfuge is concerned with how an attacker can interfere with a target's policy certificates, probing-free authorization [2,3,14] is concerned with determining what an attacker can infer about hidden policy certificates when making queries. Both subterfuge and probing are effectively concerned with determining whether information flows [15,19,21] from one principal to another as a result of using the delegation system.…”

Section: Related Workmentioning

confidence: 99%

Noninterference Analysis of Delegation Subterfuge in Distributed Authorization Systems

Foley

2013

Trust Management VII

View full text Add to dashboard Cite

Abstract.A principal carrying out a delegation may not be certain about the state of its delegation graph as it may have been perturbed by an attacker. This perturbation may come about from the attacker concealing the existence of selected delegation certificates and/or injecting new delegation certificates. As a consequence of this delegation subterfuge the principal may violate its own policy that guides delegation actions. This paper considers the verification of the absence of subterfuge in systems that accept and issue delegation certificates. It is argued that this absence of subterfuge is not a safety property and a non-interference style security-property based interpretation is proposed.

show abstract

“…The development of DKAL (Distributed-Knowledge Authorization Language) [17], another logic-based language, was based on SecPAL, and had the goal to remove a potential information leak problem and to increase expressivity by allowing the free use of functions. Apart from the use of function symbols, the main difference to SecPAL is that communication is targeted, i.e.…”

Section: Other Logic-based Authorization and Trust Policy Languagesmentioning

confidence: 99%

A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management – Automated Software Distribution for Airplanes

Hartmann

Maidl

Oheimb

et al. 2011

Security and Trust Management

View full text Add to dashboard Cite

Abstract. We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study to specify and reason about dynamic, ad-hoc trust relationships between airlines and contractors of suppliers of software that has to be loaded into airplanes.Keywords: Authorization, trust management, security-tokens, logic, softwaredistribution 1 Why do we need dynamic, decentralized authorization and trust management?Electronically collaboration increasingly takes place not only within security domains, but between enterprises and individuals with no pre-established trust relationships. The application areas comprise industrial applications, energy management and distribution, transportation systems, healthcare, and many others. The use case we focus on is the distribution of software 'parts' to airplanes. The challenge is not only to transport such software parts from the airline to the airplane, but that a range of other parties -suppliers, the airplane manufacturer, and service providers -are involved. There is a strong security requirement that only unmodified parts that have been released by trusted producers are loaded into the airplane.Triggered by the increasing demand for electronic communication and collaboration over the Internet, there is also a strong trend towards using standard protocols and frameworks as a uniform interface to existing computer systems and programming frameworks, based on standardized XML messages that are exchanged

show abstract

DKAL: Distributed-Knowledge Authorization Language

Cited by 79 publications

References 12 publications

Logic in Access Control (Tutorial Notes)

Logic in Access Control (Tutorial Notes)

Noninterference Analysis of Delegation Subterfuge in Distributed Authorization Systems

A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management – Automated Software Distribution for Airplanes

Contact Info

Product

Resources

About