Tracking and Constraining Authorization Provenance
Authors
Abstract
Authorization provenance concerns how an authorization is derived. It appears important to define authorization provenance to (1) analyze policy bases, (2) defend against a class of attacks, and (3) audit authorizations. In this paper, we study a notion of authorization provenance, based on a recently proposed logic in the literature. By examining a collection of properties, we show this definition captures the intuitions of authorization provenance. We also present an application of our notion of authorization provenance: specifying and enforcing a new type of security requirement.
Similar resources
bdbms - A Database Management System for Biological Data
Biologists are increasingly using databases for storing and managing their data. Biological databases typically consist of a mixture of raw data, metadata, sequences, annotations, and related data obtained from various sources. Current database technology lacks several functionalities that are needed by biological databases. In this paper, we introduce bdbms, an extensible prototype database ma...
ACCESSPROV: Tracking the Provenance of Access Control Decisions
Access control protects security-sensitive operations from access by unauthorized subjects. Unfortunately, access control mechanisms are implemented manually in practice, which can lead to exploitable errors. Prior work aims to find such errors through static analysis, but the correctness of access control enforcement depends on runtime factors, such as the access control policies enforced and ...
Tapido: Trust and Authorization Via Provenance and Integrity in Distributed Objects (Extended Abstract)
Existing web services and mashups exemplify the need for flexible construction of distributed applications. How to do so securely remains a topic of current research. We present TAPIDO, a programming model to address Trust and Authorization concerns via Provenance and Integrity in systems of Distributed Objects. Creation of TAPIDO objects requires (static) authorization checks and their communi...
Adopting Provenance-Based Access Control in OpenStack Cloud IaaS
Provenance-based Access Control (PBAC) has recently risen as an effective access control approach that can utilize readily provided history information of underlying systems to enhance various aspects of access control in a computing environment. The adoption of PBAC capabilities to the authorization engine of a multi-tenant cloud Infrastructure-as-a-Service (IaaS) such as OpenStack can enhance...
A Provenance Assisted Roadmap for Life Sciences Linked Open Data Cloud
A significant portion of Web of Data is composed of multiple datasets that add high value to biomedical research. These datasets have been exposed on the web as a part of the Life Sciences Linked Open Data (LSLOD) Cloud. Different initiatives have been proposed for navigating through these datasets with or without vocabulary reuse. The significance of provenance information regarding life scien...