A Trust Management Approach for Flexible Policy Management in Security-Typed Languages

June 23-June 25

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSF.2008.22

2008 21st IEEE Computer Security Foun ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Sruthi Bandhakavi Articles by William Winsborough Articles by Marianne Winslett

	ASCII Text	x
	Sruthi Bandhakavi, William Winsborough, Marianne Winslett, "A Trust Management Approach for Flexible Policy Management in Security-Typed Languages," Computer Security Foundations Symposium, IEEE, pp. 33-47, 2008 21st IEEE Computer Security Foundations Symposium, 2008.

	BibTex	x
	@article{ 10.1109/CSF.2008.22, author = {Sruthi Bandhakavi and William Winsborough and Marianne Winslett}, title = {A Trust Management Approach for Flexible Policy Management in Security-Typed Languages}, journal ={Computer Security Foundations Symposium, IEEE}, volume = {0}, year = {2008}, isbn = {978-0-7695-3182-3}, pages = {33-47}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSF.2008.22}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Symposium, IEEE TI - A Trust Management Approach for Flexible Policy Management in Security-Typed Languages SN - 978-0-7695-3182-3 SP33 EP47 A1 - Sruthi Bandhakavi, A1 - William Winsborough, A1 - Marianne Winslett, PY - 2008 KW - Trust Management KW - Information Flow KW - Lanugage Based Security VL - 0 JA - Computer Security Foundations Symposium, IEEE ER -

Sruthi Bandhakavi

William Winsborough

Marianne Winslett

Early work on security-typed languages required that legal information flows be defined statically. More recently, techniques have been introduced that relax these assumptions and allow policies to change at run-time. For example, the Rx language uses a policy language based on RT, a trust management framework for representing authorization policies. While Rx made significant strides toward the goal of allowing policy updates in security-typed languages, in this paper we observe that certain design choices of Rx violate the privacy and autonomy requirements of principals in trust management systems, thus making decentralized control over information difficult. To address these problems, we propose RTI, a new security-typed language. In addition to avoiding prior pitfalls, RTI's most distinguishing characteristic is that it supports fine-grained specification of security for dynamic policy. We also provide a proof of noninterference for RTI.

Index Terms:

Trust Management, Information Flow, Lanugage Based Security

Citation:

Sruthi Bandhakavi, William Winsborough, Marianne Winslett, "A Trust Management Approach for Flexible Policy Management in Security-Typed Languages," csf, pp.33-47, 2008 21st IEEE Computer Security Foundations Symposium, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.