Opacity Analysis in Trust Management Systems
@inproceedings{Becker2011OpacityAI,
  title     = {Opacity Analysis in Trust Management Systems},
  author    = {Moritz Y. Becker and Masoud Koleini},
  booktitle = {ISC},
  year      = {2011}
}
Trust management systems are vulnerable to so-called probing attacks, in which an adversary submits a set of available probes and infers confidential facts from the system's responses. We present the first method for deciding whether an adversary can gain knowledge about confidential information in a policy specified in Datalog.
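As an added illustration of the probing-attack setting (example code written for this page, not code from the paper and not its decision procedure), the following Python brute-forces the opacity question for a small constructed policy. The policy is ground, negation-free Datalog; the adversary is assumed to know the rules and the public facts but not which of the candidate confidential facts hold, and is characterised by the probes (credential set plus query) it can submit. A confidential fact is opaque if at least two assignments of the candidate secrets reproduce every observed probe answer and disagree on that fact. All names (`alice`, `bob`, `clearance`, `sponsor`, `file1`) and the rules are hypothetical.

```python
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

# A ground, negation-free Datalog rule: the head holds whenever every body atom holds.
Rule = Tuple[str, Tuple[str, ...]]
# A probe the adversary can submit: (credentials it presents, query it asks).
Probe = Tuple[FrozenSet[str], str]

# Constructed sample policy (hypothetical; not taken from the paper).
RULES: List[Rule] = [
    ("read(alice,file1)", ("employee(alice)", "clearance(alice)", "request(alice,file1)")),
    ("read(bob,file1)", ("employee(bob)", "clearance(bob)", "sponsor(bob)", "request(bob,file1)")),
]
PUBLIC_FACTS: Set[str] = {"employee(alice)", "employee(bob)"}
# Facts the system holds but the adversary must not learn; the adversary only
# knows that each of them may or may not hold.
CANDIDATE_SECRETS: Set[str] = {"clearance(alice)", "clearance(bob)"}
REAL_SECRETS: Set[str] = {"clearance(alice)", "clearance(bob)"}
# The adversary can mint request credentials but holds no sponsor(bob) credential.
PROBES: List[Probe] = [
    (frozenset({"request(alice,file1)"}), "read(alice,file1)"),
    (frozenset({"request(bob,file1)"}), "read(bob,file1)"),
]


def least_model(rules: List[Rule], facts: Set[str]) -> Set[str]:
    """Least fixpoint of rules plus facts (naive iteration; fine for toy programs)."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            if head not in known and all(atom in known for atom in body):
                known.add(head)
                changed = True
    return known


def answer(rules: List[Rule], facts: Set[str], probe: Probe) -> bool:
    """What the system tells the adversary: is the query derivable given its credentials?"""
    creds, query = probe
    return query in least_model(rules, facts | creds)


def consistent_worlds(rules: List[Rule], public_facts: Set[str], candidates: Set[str],
                      probes: List[Probe], observed: List[bool]) -> List[FrozenSet[str]]:
    """Every choice of secret facts that reproduces the observed probe answers.
    The real choice always qualifies, so the result is never empty."""
    cands = sorted(candidates)
    worlds: List[FrozenSet[str]] = []
    for k in range(len(cands) + 1):
        for chosen in combinations(cands, k):
            world = frozenset(chosen)
            if [answer(rules, public_facts | world, p) for p in probes] == observed:
                worlds.append(world)
    return worlds


def is_opaque(rules: List[Rule], public_facts: Set[str], candidates: Set[str],
              real_secrets: Set[str], probes: List[Probe], target: str) -> bool:
    """True iff the probe answers leave the truth of `target` undetermined."""
    observed = [answer(rules, public_facts | real_secrets, p) for p in probes]
    worlds = consistent_worlds(rules, public_facts, candidates, probes, observed)
    # Two consistent worlds disagreeing on the target means the adversary cannot decide it.
    return len({target in w for w in worlds}) == 2


def analyze() -> Dict[str, bool]:
    """Opacity verdict for each candidate secret under the sample policy and probes."""
    return {s: is_opaque(RULES, PUBLIC_FACTS, CANDIDATE_SECRETS, REAL_SECRETS, PROBES, s)
            for s in sorted(CANDIDATE_SECRETS)}


if __name__ == "__main__":
    for secret, opaque in analyze().items():
        print(f"{secret}: {'opaque' if opaque else 'leaked by probing'}")
```

With these probes `clearance(alice)` leaks: the only worlds consistent with a granted read of `file1` are those containing it. `clearance(bob)` stays opaque because the rule for Bob also needs `sponsor(bob)`, which the adversary cannot present, so both answers to the second probe are explained by the missing sponsor. Adding a probe that does present `sponsor(bob)` collapses the consistent worlds to one and `clearance(bob)` leaks too, which is the sense in which the adversary's available probes decide the question. The enumeration is exponential in the number of candidate secrets; it is a specification of the property, not a practical procedure.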
2 Citations
Foundations of Logic-Based Trust Management
- Computer Science, 2012 IEEE Symposium on Security and Privacy, 2012
This paper presents a model theory that is based on Kripke structures for counterfactual logic that can be used to prove non-trivial meta-theorems about trust management systems, as well as analyze probing attacks on such systems.
Verification of temporal-epistemic properties of access control systems
- Computer Science, 2012
This thesis presents a framework for knowledge-based verification of dynamic access control policies, develops an automated abstraction-refinement technique for evaluating temporal-epistemic properties, and gives a sound and complete algorithm for identifying information leakage in Datalog-based trust management systems.
References (10 of 24 shown)
Information leakage in Datalog-based trust management systems
- Computer Science, 2011
This work presents the first complete decision procedure for checking if an adversary, characterized by a set of probes available in an attack, is unable to gain knowledge about confidential information about a policy specified in Datalog, and positively answers the hitherto open question of whether the opacity problem in this setting is decidable.
Decentralized trust management
- Computer Science, Proceedings 1996 IEEE Symposium on Security and Privacy, 1996
This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships, and describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.
Automated trust negotiation
- Computer Science, Proceedings DARPA Information Survivability Conference and Exposition (DISCEX'00), 2000
The notion of a trust negotiation strategy is introduced and examined with respect to an abstract model of trust negotiation, and a language of credential expressions is presented.
SD3: a trust management system with certified evaluation
- Computer Science, Proceedings 2001 IEEE Symposium on Security and Privacy (S&P 2001), 2001
SD3, a trust management system consisting of a high-level policy language, a local policy evaluation, and a certificate retrieval system, is introduced and it is shown how to implement a secure name service entirely in SD3.
Towards practical automated trust negotiation
- Computer Science, Proceedings Third International Workshop on Policies for Distributed Systems and Networks, 2002
This work introduces the trust target graph (TTG) protocol, which supports a more realistic credential language, Ack policies, and distributed storage of credentials, and protects information about sensitive attributes.
The inference problem: a survey
- Computer Science, SKDD, 2002
A survey of the current and emerging research in data inference control is presented and the importance of targeting this so often overlooked problem during database security design is emphasized.
Safety in automated trust negotiation
- Computer Science, Proceedings 2004 IEEE Symposium on Security and Privacy, 2004
A formal framework for ATN is introduced in which it is proved that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.
Information Flow in Credential Systems
- Computer Science, 2010 23rd IEEE Computer Security Foundations Symposium, 2010
A systematic study of information flow in credential-based declarative authorization policies finds that opacity is the more useful, and more general of the two properties; indeed, it is shown that non-interference can be stated in terms of opacity.
Design of a role-based trust-management framework
- Computer Science, Proceedings 2002 IEEE Symposium on Security and Privacy, 2002
The RT framework, a family of role-based trust management languages for representing policies and credentials in distributed authorization, is introduced, and the semantics of credentials are defined by presenting a translation from credentials to Datalog rules.
Language-based information-flow security
- Computer Science, IEEE J. Sel. Areas Commun., 2003
A structured view of research on information-flow security is given, focusing particularly on work that uses static program analysis to enforce information-flow policies, and some important open challenges are identified.