Abstract
Trust management systems are vulnerable to so-called probing attacks, which enable an adversary to gain knowledge about confidential facts in the system. We present the first method for deciding if an adversary can gain knowledge about confidential information in a Datalog-based policy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, A.: Web Services Profile of XACML (WS-XACML) Version 1.0. OASIS TC Working Draft (2006)
Anderson, A., Lockhart, H.: SAML 2.0 Profile of XACML v2. 0. OASIS Standard (2005)
Becker, M.Y.: Information flow in credential systems. In: IEEE Computer Security Foundations Symposium, pp. 171–185 (2010)
Becker, M.Y., Fournet, C., Gordon, A.D.: Design and semantics of a decentralized authorization language. In: IEEE Computer Security Foundations (2007)
Becker, M.Y., Koleini, M.: Information leakage in datalog-based trust management systems. Technical Report MSR-TR-2011-11, Microsoft Research (2011)
Becker, M.Y., Sewell, P.: Cassandra: Flexible trust management, applied to electronic health records. In: IEEE Computer Security Foundations, pp. 139–154 (2004)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: IEEE Symposium on Security and Privacy, pp. 164–173 (1996)
Bonatti, P., Kraus, S., Subrahmanian, V.: Foundations of secure deductive databases. IEEE Transactions on Knowledge and Data Engineering 7(3), 406–422 (1995)
Ceri, S., Gottlob, G., Tanca, L.: What you always wanted to know about Datalog (and never dared to ask). IEEE Transactions on Knowledge and Data Engineering 1(1), 146–166 (1989)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)
Detreville, J.: Binder, a logic-based security language. In: IEEE Symposium on Security and Privacy, pp. 105–113 (2002)
Farkas, C., Jajodia, S.: The inference problem: a survey. ACM SIGKDD Explorations Newsletter 4(2), 6–11 (2002)
Gurevich, Y., Neeman, I.: DKAL: Distributed-knowledge authorization language. In: IEEE Computer Security Foundations Symposium (CSF), pp. 149–162 (2008)
Gurevich, Y., Neeman, I.: DKAL 2 – a simplified and improved authorization language. Technical Report MSR-TR-2009-11, Microsoft Research (2009)
Jajodia, S., Meadows, C.: Inference problems in multilevel secure database management systems. In: Information Security: An Integrated Collection of Essays (1995)
Jim, T.: SD3: A trust management system with certified evaluation. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 106–115 (2001)
Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: Symposium on Security and Privacy, pp. 114–130 (2002)
OASIS. eXtensible Access Control Markup Language (XACML) Version 2.0 core specification (2005)
Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
Winsborough, W., Li, N.: Safety in automated trust negotiation. ACM Transactions on Information and System Security (TISSEC)Â 9(3) (2006)
Winsborough, W.H., Li, N.: Towards practical automated trust negotiation. In: IEEE International Workshop on Policies for Distributed Systems and Networks (2002)
Winsborough, W.H., Seamons, K.E., Jones, V.E.: Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition, vol. 1 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Becker, M.Y., Koleini, M. (2011). Opacity Analysis in Trust Management Systems. In: Lai, X., Zhou, J., Li, H. (eds) Information Security. ISC 2011. Lecture Notes in Computer Science, vol 7001. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24861-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-24861-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24860-3
Online ISBN: 978-3-642-24861-0
eBook Packages: Computer ScienceComputer Science (R0)