Abstract
Authorization provenance concerns how an authorization is derived. It appears important to define authorization provenance to (1) analyze policy bases, (2) defend against a class of attacks, and (3) audit authorizations. In this paper, we study a notion of authorization provenance, based on a recently proposed logic in the literature. By examining a collection of properties, we show that this definition captures the intuitions of authorization provenance. We also present an application of our notion of authorization provenance: specifying and enforcing a new type of security requirement.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hu, J., Khan, K.M., Bai, Y., Zhang, Y. (2012). Tracking and Constraining Authorization Provenance. In: Jiang, H., Ding, W., Ali, M., Wu, X. (eds) Advanced Research in Applied Artificial Intelligence. IEA/AIE 2012. Lecture Notes in Computer Science, vol 7345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31087-4_68
DOI: https://doi.org/10.1007/978-3-642-31087-4_68
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31086-7
Online ISBN: 978-3-642-31087-4
eBook Packages: Computer Science, Computer Science (R0)