Marianne Winslett, Charles C. Zhang, Piero A. Bonatti:
PeerAccess: a logic for distributed authorization.
Abstract
This paper introduces the PeerAccess framework for reasoning
about authorization in open distributed systems, and shows how a
parameterization of the framework can be used to reason about access to
computational resources in a grid environment. The PeerAccess framework
supports a declarative description of the behavior of peers that
selectively push and/or pull information from certain other
peers. PeerAccess local knowledge bases encode the basic knowledge of each
peer (e.g., Alice's group memberships), its policies governing the release
of each possible piece of information to other peers, and information that
guides and limits its search process when trying to obtain particular
pieces of information from other peers. PeerAccess proofs of authorization
are verifiable and nonrepudiable, and their construction relies only on
the local information possessed by peers and their parameterized behavior
with respect to query answering, information push/pull, and information
release policies (i.e., no omniscient viewpoint is required). We present
the PeerAccess language and peer knowledge base structure, the associated
formal semantics and proof theory, and examples of the use of PeerAccess
in constructing proofs of authorization to access computational resources.
URL: http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2005-136
@inproceedings{REWERSE-RP-2005-136,
  author = {Marianne Winslett and Charles C. Zhang and Piero A. Bonatti},
  title = {PeerAccess: a logic for distributed authorization},
  booktitle = {Proceedings of 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (7th--11th November 2005)},
  year = {2005},
  organization = {ACM},
  pages = {168--179},
  url = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2005-136}
}