Li, N., Feigenbaum, J., and Grosof, B. 1999. A logic-based knowledge representation for authorization with delegation. In Proc. of the 12th Computer Security Foundations Workshop (Mordano, Italy, June 1999), pp. 162-174.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....approach is desirable to help establish authorization policies and remove conflicts in the policies before they are integrated with other system functionalities. Currently there exist various models [9, 7, 5, 25, 12, 18, 19] explaining security properties and approaches dealing with delegations [1, 6, 15] and conflicts [14, 4] We argue that an engineering approach based on software engineering technologies can be developed to assist users and designers in better implementing the models and applying the available approaches. 2 AUTHORIZATION POLICY ENGINEERING Authorization policies in computer ....

N. Li, J. Feigenbaum, and B. N. Grosof. "A Logic-Based Knowledge Representation for Authorization with Delegation (Extended Abstract)" In Proceedings of the 12th IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, June 1999, pp. 162-174. Full paper available as IBM Research Report RC21492.

....2.5. Conflict Solving SPL supports non monotonic policies, in the sense that it is able to express both positive and negative constraints at the same time. The ability to express non monotonic policies has long been recognized as very important for the expressibility of security policies [24, 25]. Notably the C2 level of TCSEC standard [14] includes this explicit requirement. The increased expressibility added by nonmonotonicity does not come without cost as it leads to potential conflicts between contradictory rules. Usually these conflicts are solved by the introduction of implicit ....

.... the rules type but also the authority of the rules issuers (i.e. rules issued by a higher authority manager override others) the specificity of the rules (often more specific rules should override more generic ones) and the issuing time of the rules (more recently rules override older ones) [2, 25]. This approach is very intuitive and natural, but it has some drawbacks. It is not unusual for a high authoritative manager to issue a rule which may be overridden by a low authoritative manager, or to express a mandatory general rule which should not be overridden. Another strategy is to ....

[Article contains additional citation context not shown here]

N. Li, J. Feigenbaum, and B. N. Grosof. A logic-based knowledge representation for authorization with delegation. In Proceeding of the 12th IEEE Computer Security Workshop. IEEE Computer Society Press, July 1999.

....the domain. This language, though a step in the right direction, is complicated because it consists of a large set of interdependent rules that the user has to fully understand in order to use. ASL does not provide explicit protocols for delegation or address delegation of obligations. Li et al. [11, 12] define a language and protocol for delegation based access control, which tends to focus on authorization based on properties of entities. It specifies a language for authorization in open systems, which allows policies, credentials and requests to be represented uniformly. This logic language ....

Ninghui Li, Joan Feigenbaum, and Benjamin Grosof. A Logic-based Knowledge Representation for Authorization with Delegation. In PCSFW: Proceedings of The 12th Computer Security Foundations Workshop. IEEE Computer Society Press, 1999.

....6.4 Idemix, Trust Management and AttributeBased Access Control Decentralized trust management, a term introduced by Blaze, Feigenbaum and Lacy [4] deals with access control and authorization in distributed environments. Di#erent trust management systems and languages have been proposed, e.g. [3, 21, 20, 19, 23, 22, 15]; a credential or certificate modeled by those systems binds a public key to attributes and or authorizations. Access control and trust establishment policies controlled by resource owners allow authorization decisions based on these attributes and authorizations, or on derived role assignments. ....

N. Li, B. N. Grosof, and J. Feigenbaum. A logic-based knowledge representation for authorization with delegation. In "Proceedings of the 12th IEEE Computer Security Foundations Workshop", 162--174.

....[5] 22] 33] and natural language watermarking [1] Here we study the issue of watermarking numeric relational content. Whereas extensive research has focused on various aspects of DBMS security, including access control techniques as well as data security issues [2] 3] 4] 13] 14] 15] 16] [19] [20] 21] 26] 28] to the best of our knowledge there is no previous work addressing this very problem of relational data security through watermarking. Protecting rights over outsourced digital content is of ever increasing interest, especially considering areas where sensitive, valuable data ....

Li, Feigenbaum, and Grosof. A logic-based knowledge representation for authorization with delegation. In PCSFW: Proceedings of The 12th Computer Security Foundations Workshop. IEEE Computer Society Press, 1999.

....necessary that the intended purpose of the data that should be preserved be identi ed during the watermarking process. Whereas extensive research has focused on various aspects of DBMS security, including access control techniques as well as data security issues [6] 7] 11] 12] 13] 14] [15] [16] 17] 20] to the best of our knowledge only one simultaneous published related e ort is available for comparison [3] Numerous fundamental di erences distinguish our results from this e ort, including but not limited to, the actual method of watermarking, the fact that the method presented ....

Li, Feigenbaum, and Grosof. A logic-based knowledge representation for authorization with delegation. In PCSFW: Proc. of The 12th Computer Security Foundations Workshop, 1999.

....is to motivate and introduce this model of delegation, in the hope it will be seen as contributing a new and interesting mechanism for transferring authority between organisations in a flexible and controllable way. Although this work is influenced by the work in the Trust Management area (see [2, 1, 8, 7] and [3] its goal and focus is somewhat different. In this work, we do not address the issue of distribution of privileges as it is done in e.g. Simple Public Key Infrastructure (SPKI) 3] In our model, we assume that there is a central authorisation server that verifies each delegation attempt ....

....from a more fine grained and flexible control over delegation than current models admit. The standard approach to delegation is binary: Either delegation is possible, and then no substantial further control over the way it is used is possible, or else no delegation is permitted. Some authors (cf. [8]) go beyond this by permitting a fixed upper bound to be imposed on the depth of delegation chains. We have introduced a model which permits much finer control over the scope of delegations. The central idea is to introduce (regular) expressions that constrain the possible shapes of delegation ....

Li, Grosof, and Feigenbaum. A Logic-based Knowledge Representation for Authorization with Delegation. In PCSFW: Proceedings of The 12th Computer Security Foundations Workshop. IEEE Computer Society Press, 1999.

....a difficult problem of knowing what information sources (e.g. documents, web pages, agents) to believe and trust in an open, distributed and dynamic world, and how to integrate and fuse potentially contradictory information. DAML can be used to support distributed trust and reputation management [16, 19, 20]. This will form the basis of a logic for distributed belief transfer that will enable more sophisticated, semantically driven rule based techniques for information integration and fusion. We are making use of DAML s expressiveness and employing it to describe security policies, credentials and ....

Ninghui Li, Joan Feigenbaum, and Benjamin Grosof. A logic-based knowledge representation for authorization with delegation (extended abstract). Proc. 12th IEEE Computer Security Foundations Workshop, Mordano, Italy, June 1999. IBM Research Report RC 21492.

....[21] uses certificates for use conditions that are created by those responsible for the resources. This can only be used when the resource is simple enough to be described by useconditions, but in large systems there could be many types of access like read, write, execute etc. Delegation logics [29, 17] is similar to our approach, however it is not able to capture adequately the constraints associated with rights and delegations. 3.2 Trust Architecture A security policy is a set of rules for authorization, access control and trust in a certain domain. All devices users of the domain must ....

Li, Feigenbaum, and Grosof. A logic-based knowledge representation for authorization with delegation. In PCSFW: Proceedings of The 12th Computer Security Foundations Workshop. IEEE Computer Society Press, 1999.

....and eliminating the closed world assumption. Over the last ten years, a number of trust management systems have been developed, some focusing on authentication [20, 21, 22] others for specialized purposes [3, 8, 18] others for general purpose authorization [4, 6, 13] and others based on logics [1, 2, 17]. Because of the wide range in precision in the specification of these systems and the wide variety of trust management languages, it is difficult to compare the systems in order to intelligently decide which to apply to a new situation. Because of the lack of formality in many of the ....

....Of course, by adding more constructs, one could express those examples as well, but at the cost of additional complexity in the trust management engine and possibly additional time taken in computing M EL . The last example would require an existential quantification operator, similar to that of [17, 18]. 3 Simple Public Key Infrastructure (SPKI) Figure 4 shows how to express SPKI [12, 13, 14] including SDSI [19] local names, in the framework of Section 2. The upper part of the figure defines the lattice of SPKI authorizations and the representation of SPKI assertions. The lower part gives the ....

[Article contains additional citation context not shown here]

N. Li, B. N. Grosof, and J. Feigenbaum. A logic-based knowledge representation for authorization with delegation (extended abstract). In Proceedings of the 12th IEEE Computer Security Foundations Workshop, pages 162--174. IEEE Computer Society Press, 1999.

....know the requester better; normally, the authorizer trusts these third parties only for certain things and only to certain degrees. This trust and delegation aspect makes distributed authorization different from traditional access control. The goal of a growing body of work on trust manage1 ment [9, 11, 12, 13, 20, 24, 25, 49, 50] is to find a more expressive and distributed approach to authorization in these scenarios. In the trust management view of distributed authorization, a requester submits a request, possibly supported by a set of credentials issued by other parties, to an au thorizer, who controls the ....

....code (e.g. Java applets [3] and ActiveX controls [17] content advising [64] privacy protection [75, 76] remote resource sharing, etc. Authorization in these applications is significantly different from traditional authorization. The goal of a growing body of work on trust management [9, 11, 12, 13, 20, 24, 25, 49, 50] is to find a more expressive and distributed approach to authorization in these scenarios. In the rest of this chapter, we first give some background information on authentication and access control, then motivate and describe the trust management approach. See [57] for a comprehensive ....

Ninghui Li, Joan Feigenbaum, and Benjamin N. Grosof, "A Logic-Based Knowledge Representation for Authorization with Delegation (Extended Abstract) ," in Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW-12), pp. 162-174, IEEE Computer Society Press, Los Alamitos, CA, 1999. Full paper available as IBM Research Report RC21492. http://cs.nyu.edu/ninghui/papers/ibmrr.ps

....threshold structures are more expensive in practice, because M is typically much larger than n. Recall that n, used in Section 4.3, is the size of one static threshold pool. 32 Dynamic weighted threshold structures We also considered incorporating dynamic weighted threshold structures [31] into DL; however, they pose di#culties for ensuring tractability. 4.5 Reverse Transformation of Conclusions In Section 4.1, we defined the transformation from a D1LP to an OLP O. We now define a reverse transformation that maps an OLP model of to a D1LP model of P. This reverse ....

Ninghui Li, Joan Feigenbaum, and Benjamin N. Grosof. A logic-based knowledge representation for authorization with delegation (extended abstract). In Proceedings of the 1999.

No context found.

Ninghui Li, Joan Feigenbaum, and Benjamin N. Grosof. A logic-based knowledge representation for authorization with delegation (extended abstract). In Proceedings of the 2002.

No context found.

Li, N., Feigenbaum, J., and Grosof, B. 1999. A logic-based knowledge representation for authorization with delegation. In Proc. of the 12th Computer Security Foundations Workshop (Mordano, Italy, June 1999), pp. 162-174.

No context found.

52 N. Li, J. Feigenbaum, B. Grosof. A logic-based knowledge representation for authorization with delegation. Proc. of the 12th IEEE Computer Security Foundations Workshop, pp. 162-174, 1999.

No context found.

Ninghui Li, Joan Feigenbaum, and Benjamin Grosof. A logic-based knowledge representation for authorization with delegation. In Proc. of the 12th IEEE Computer Security Foundations Workshop, pages 162-174, July 1999. 23

No context found.

Li, N., Feigenbaum, J., and Grosof, B. 1999. A logic-based knowledge representation for authorization with delegation. In Proc. of the 12th IEEE Computer Security Foundations Workshop (Mordano, Italy, June 1999), pp. 162-174.

No context found.

N. Li, J. Feigenbaum, and B. N. Grosof. A logic-based knowledge representation for authorization with delegation. In 12th IEEE Computer Security Foundations Workshop, page 162, 1999.

No context found.

Li, Feigenbaum, and Grosof. A logic-based knowledge representation for authorization with delegation. In PCSFW: Proceedings of the 12th Computer Security Foundations Workshop, 1999.

No context found.

N. Li, J. Feigenbaum, and B. Grosof. A logic-based knowledge representation for authorization with delegation. In Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW '99), pages 162--174, Washington - Brussels - Tokyo, June 1999. IEEE. 14

No context found.

Li N, Feigenbaum J and Grosof B, A Logic-based Knowledge Representation for Authorization with Delegation, In Proc. of the 12 IEEE Computer Security Foundations Workshop, (1999) 162-174.

No context found.

Li, Grosof, and Feigenbaum, "A logic-based knowledge representation for authorization with delegation," in PCSFW: Proceedings of The 12th Computer Security Foundations Workshop, IEEE Computer Society Press, 1999.

No context found.

N Li, J. Feigenbaum, and B.N. Grosof, "A Logic-Based Knowledge Representation for Authorization with Delegation," PCSFW: Proc. 12th Computer Security Foundations Workshop, 1999.

No context found.

N. Li, J. Feigenbaum and B. Grosof, A logic-based knowledge representation for authorization with delegation (extended abstract), Proc. 12th Int. IEEE Computer Security Foundations Workshop, 1999.

No context found.

Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum, "A Logic-based Knowledge Representation for Authorization with Delegation", IBM Research Report, May 1999 http://research.ibm.com/

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC