Title :
DKAL: Distributed-Knowledge Authorization Language
Author :
Gurevich, Yuri ; Neeman, Itay
Abstract :
DKAL is a new declarative authorization language for distributed systems. It is based on existential fixed-point logic and is considerably more expressive than existing authorization languages in the literature. Yet its query algorithm is within the same bounds of computational complexity as e.g. that of SecPAL. DKAL´s communication is targeted which is beneficial for security and for liability protection. DKAL enables flexible use of functions; in particular principals can quote (to other principals) whatever has been said to them. DKAL strengthens the trust delegation mechanism of SecPAL. A novel information order contributes to succinctness. DKAL introduces a semantic safety condition that guarantees the termination of the query algorithm.
Keywords :
Authorization; Communication system security; Computational complexity; Computer security; Information security; Logic; Mathematics; Permission; Protection; Query processing; Datalog; Datalog with constraints; access control; authorization; distributed knowledge; existential fixed-point logic; infon; information leakage; security;
Conference_Titel :
Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
Conference_Location :
Pittsburgh, PA, USA
Print_ISBN :
978-0-7695-3182-3
