• DocumentCode
    2009912
  • Title

    DKAL: Distributed-Knowledge Authorization Language

  • Author

    Gurevich, Yuri ; Neeman, Itay

  • fYear
    2008
  • fDate
    23-25 June 2008
  • Firstpage
    149
  • Lastpage
    162
  • Abstract
    DKAL is a new declarative authorization language for distributed systems. It is based on existential fixed-point logic and is considerably more expressive than existing authorization languages in the literature. Yet its query algorithm is within the same bounds of computational complexity as e.g. that of SecPAL. DKAL's communication is targeted which is beneficial for security and for liability protection. DKAL enables flexible use of functions; in particular principals can quote (to other principals) whatever has been said to them. DKAL strengthens the trust delegation mechanism of SecPAL. A novel information order contributes to succinctness. DKAL introduces a semantic safety condition that guarantees the termination of the query algorithm.
  • Keywords
    Authorization; Communication system security; Computational complexity; Computer security; Information security; Logic; Mathematics; Permission; Protection; Query processing; Datalog; Datalog with constraints; access control; authorization; distributed knowledge; existential fixed-point logic; infon; information leakage; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
  • Conference_Location
    Pittsburgh, PA, USA
  • ISSN
    1940-1434
  • Print_ISBN
    978-0-7695-3182-3
  • Type

    conf

  • DOI
    10.1109/CSF.2008.8
  • Filename
    4556684