Title :
Owned policies for information security
Author :
Chen, Hubie ; Chong, Stephen
Author_Institution :
Dept. of Comput. Sci., Cornell Univ., Ithaca, NY, USA
Abstract :
In many systems, items of information have owners associated with them. An owner of an item of information may want the system to enforce a policy that restricts use of that information; we call such a policy an owned policy. Owned policies can be used in many contexts, including information flow, access control, and software licensing. In this paper, we introduce and study a general framework for owned policies. Relationships between security policies for a given system may be dependent on system aspects that change between or during system execution. As a result, there may be only partial knowledge of the structure of security policies available when analyzing a system statically. We demonstrate that our framework permits static reasoning about owned policies under partial knowledge, and we also exhibit tractability results for the problem of inferring security policies.
Keywords :
security of data; access control; information flow; information owner; information security; information use restriction; owned policy; security policies; software licensing; static analysis; static reasoning; system analysis; Access control; Computer science; Computer security; Conferences; Data security; Information resources; Information security; Licenses; Permission;
Conference_Titel :
Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE
Print_ISBN :
0-7695-2169-X
DOI :
10.1109/CSFW.2004.1310737
