Owned Policies for Information Security

12 years 1 months ago
Owned Policies for Information Security
In many systems, items of information have owners associated with them. An owner of an item of information may want the system to enforce a policy that restricts use of that information; we call such a policy an owned policy. Owned policies can be used in many contexts, including information flow, access control, and software licensing. In this paper we introduce and study a general framework for owned policies. Relationships between security policies for a given system may be dependent on system aspects that change between or during system execution. As a result, there may be only partial knowledge of the structure of security policies available when analyzing a system statically. We demonstrate that our framework permits static reasoning about owned policies under partial knowledge, and we also exhibit tractability results for the problem of inferring security policies.
Hubie Chen, Stephen Chong
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where CSFW
Authors Hubie Chen, Stephen Chong
Comments (0)