DKAL: Distributed-Knowledge Authorization Language

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yuri Gurevich Articles by Itay Neeman

2008 21st IEEE Computer Security Foundations Symposium

June 23-June 25

ISBN: 978-0-7695-3182-3

	ASCII Text	x
	Yuri Gurevich, Itay Neeman, "DKAL: Distributed-Knowledge Authorization Language," Computer Security Foundations Symposium, IEEE, pp. 149-162, 2008 21st IEEE Computer Security Foundations Symposium, 2008.

	BibTex	x
	@article{ 10.1109/CSF.2008.8, author = {Yuri Gurevich and Itay Neeman}, title = {DKAL: Distributed-Knowledge Authorization Language}, journal ={Computer Security Foundations Symposium, IEEE}, volume = {0}, year = {2008}, isbn = {978-0-7695-3182-3}, pages = {149-162}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSF.2008.8}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Symposium, IEEE TI - DKAL: Distributed-Knowledge Authorization Language SN - 978-0-7695-3182-3 SP149 EP162 A1 - Yuri Gurevich, A1 - Itay Neeman, PY - 2008 KW - access control KW - authorization KW - Datalog KW - Datalog with constraints KW - distributed knowledge KW - existential fixed-point logic KW - infon KW - information leakage KW - security VL - 0 JA - Computer Security Foundations Symposium, IEEE ER -

Yuri Gurevich

Itay Neeman

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSF.2008.8

DKAL is a new declarative authorization language for distributed systems. It is based on existential fixed-point logic and is considerably more expressive than existing authorization languages in the literature. Yet its query algorithm is within the same bounds of computational complexity as e.g. that of SecPAL. DKAL's communication is targeted which is beneficial for security and for liability protection. DKAL enables flexible use of functions; in particular principals can quote (to other principals) whatever has been said to them. DKAL strengthens the trust delegation mechanism of SecPAL. A novel information order contributes to succinctness. DKAL introduces a semantic safety condition that guarantees the termination of the query algorithm.

Index Terms:

access control, authorization, Datalog, Datalog with constraints, distributed knowledge, existential fixed-point logic, infon, information leakage, security

Citation:

Yuri Gurevich, Itay Neeman, "DKAL: Distributed-Knowledge Authorization Language," csf, pp.149-162, 2008 21st IEEE Computer Security Foundations Symposium, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.