Publication:

Owned Policies for Information Security

Thumbnail Image

Open/View Files

Owned_Policies_for_Information_Security.pdf (234.84 KB)

Date

Authors

Published Version

10.1109/csfw.2004.1310737

Journal Title

Journal ISSN

Volume Title

Publisher

IEEE
The Harvard community has made this article openly available. Please share how this access benefits you.

Research Projects

Organizational Units

Journal Issue

Citation

Chen, H., & S. Chong. Owned Policies for Information Security. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW), IEEE, Pacific Grove, CA, 30-30 June 2004, 8199193.

Abstract

In many systems, items of information have own- ers associated with them. An owner of an item of in- formation may want the system to enforce a policy that restricts use of that information; we call such a policy an owned policy. Owned policies can be used in many contexts, including information flow, access control, and software licensing. In this paper we introduce and study a general framework for owned policies. Relationships between security policies for a given system may be dependent on system aspects that change between or during system execution. As a result, there may be only partial knowledge of the structure of security policies available when analyzing a system statically. We demonstrate that our framework permits static reasoning about owned policies under partial knowledge, and we also exhibit tractability results for the problem of inferring security policies.

Description

Other Available Sources

Research Data

Keywords

Terms of Use

This article is made available under the terms and conditions applicable to Open Access Policy Articles (OAP), as set forth at Terms of Service

URI

http://nrs.harvard.edu/urn-3:HUL.InstRepos:42661820

Collections

FAS Scholarly Articles

Endorsement

Review

Supplemented By

Related Stories