Publication: Owned Policies for Information Security
No Thumbnail Available
Open/View Files
Date
Authors
Published Version
Journal Title
Journal ISSN
Volume Title
Publisher
IEEE
The Harvard community has made this article openly available. Please share how this access benefits you.
Citation
Chen, H., & S. Chong. Owned Policies for Information Security. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW), IEEE, Pacific Grove, CA, 30-30 June 2004, 8199193.
Research Data
Abstract
In many systems, items of information have own- ers associated with them. An owner of an item of in- formation may want the system to enforce a policy that restricts use of that information; we call such a policy an owned policy. Owned policies can be used in many contexts, including information flow, access control, and software licensing. In this paper we introduce and study a general framework for owned policies.
Relationships between security policies for a given system may be dependent on system aspects that change between or during system execution. As a result, there may be only partial knowledge of the structure of security policies available when analyzing a system statically. We demonstrate that our framework permits static reasoning about owned policies under partial knowledge, and we also exhibit tractability results for the problem of inferring security policies.
Description
Other Available Sources
Keywords
Terms of Use
This article is made available under the terms and conditions applicable to Open Access Policy Articles (OAP), as set forth at Terms of Service