Opacity Analysis in Trust Management Systems

Moritz Y. Becker and Masoud Koleini
Trust management systems are vulnerable to so-called probing attacks, which enable an adversary to gain knowledge about confidential facts in the system. We present the first method for deciding if an adversary can gain knowledge about confidential information in a Datalog-based policy. 
Foundations of Logic-Based Trust Management
This paper presents a model theory that is based on Kripke structures for counterfactual logic that can be used to prove non-trivial meta-theorems about trust management systems, as well as analyze probing attacks on such systems.
Verification of temporal-epistemic properties of access control systems
This thesis presents a framework for knowledge-based verification of dynamic access control policies and develops an automated abstraction refinement technique for evaluating temporal-epistemic properties and a sound and complete algorithm in order to identify information leakage in Datalog-based trust management systems.
Information leakage in Datalog-based trust management systems
This work presents the first complete decision procedure for checking if an adversary, characterized by a set of probes available in an attack, is unable to gain knowledge about confidential information about a policy specified in Datalog, and positively answers the hitherto open question of whether the opacity problem in this setting is decidable.
Decentralized trust management
This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships, and describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.
Automated trust negotiation
The notion of a trust negotiation strategy is introduced and examined with respect to an abstract model of trust negotiation, and a language of credential expressions is presented.
SD3: a trust management system with certified evaluation
  • T. Jim
  • Proceedings 2001 IEEE Symposium on Security and Privacy (S&P 2001), 2001
SD3, a trust management system consisting of a high-level policy language, a local policy evaluation, and a certificate retrieval system, is introduced and it is shown how to implement a secure name service entirely in SD3.
Towards practical automated trust negotiation
  • W. Winsborough, Ninghui Li
  • Proceedings Third International Workshop on Policies for Distributed Systems and Networks, 2002
This work introduces the trust target graph (TTG) protocol, which supports a more realistic credential language, Ack policies, and distributed storage of credentials, and protects information about sensitive attributes.
The inference problem: a survey
A survey of the current and emerging research in data inference control is presented and the importance of targeting this so often overlooked problem during database security design is emphasized.
Safety in automated trust negotiation
A formal framework for ATN is introduced in which it is proved that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.
Information Flow in Credential Systems
  • Moritz Y. Becker
  • 2010 23rd IEEE Computer Security Foundations Symposium, 2010
A systematic study of information flow in credential-based declarative authorization policies finds that opacity is the more useful and more general of the two properties; indeed, it is shown that non-interference can be stated in terms of opacity.
Design of a role-based trust-management framework
The RT framework, a family of role-based trust management languages for representing policies and credentials in distributed authorization, is introduced, and the semantics of credentials are defined by presenting a translation from credentials to Datalog rules.
Language-based information-flow security
A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information-flow policies, and some important open challenges are identified.