Revocation in the privilege calculus ?
نویسندگان
چکیده
We have previously presented a framework for updating privileges and creating management structures by means of authority certificates. These are used both to create access-level permissions and to delegate authority to other agents. In this paper we extend the framework to support a richer set of revocation schemes. As in the original, we present an associated calculus of privileges, encoded as a logic program, for reasoning about certificates, revocations, and the privileges they create and destroy. The discussion of revocation schemes follows an existing classification in the literature based on three separate dimensions: resilience, propagation, and dominance. The first does not apply to this framework. The second is specified straightforwardly. The third can be encoded but raises a number of further questions for future investigation.
منابع مشابه
Using Authority Certificates to Create Management Structures
We address the issue of updating privileges in a dynamic environment by introducing authority cerrtificates in a Privilege Management Infrastructure. These certificates can be used to create access-level permissions but also to delegate authority to other agents, thereby providing a mechanism for creating management structures and for changing these structures over time. We present a semantic f...
متن کاملAn Extended Authorization Model for Relational Databases
We propose two extensions to the authorization model for relational databases defined originally by Griffiths and Wade. The first extension concerns a new type of revoke operation, called noncascading revoke operation. The original model contains a single, cascading revoke operation, meaning that when a privilege is revoked from a user, a recursive revocation takes place that deletes all author...
متن کاملPersonhood and Moral Status of The Embryo: It’s Effect on Validity of Surrogacy Contract Revocation according to Shia Jurisprudence Perspective
Objective One of the most controversial issues related to human embryo is to determine the moment when the embryo is considered as a human being and acquires a moral status. Although personhood and moral status are frequently touched upon in medical ethics, they are considered interdisciplinary as concepts shaping the debate in Medical Law (Fiqh) since their consequences are influential in the ...
متن کاملDoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
متن کاملThe Separation of Duty with Privilege Calculus
This paper presents Privilege Calculus (PC) as a new approach of knowledge representation for Separation of Duty (SD) in the view of process and intents to improve the reconfigurability and traceability of SD. PC presumes that the structure of SD should be reduced to the structure of privilege and then the regulation of system should be analyzed with the help of forms of privilege.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003