Noninterference Analysis of Delegation Subterfuge in Distributed Authorization Systems
Abstract
A principal carrying out a delegation may not be certain about the state of its delegation graph as it may have been perturbed by an attacker. This perturbation may come about from the attacker concealing the existence of selected delegation certificates and/or injecting new delegation certificates. As a consequence of this delegation subterfuge the principal may violate its own policy that guides delegation actions. This paper considers the verification of the absence of subterfuge in systems that accept and issue delegation certificates. It is argued that this absence of subterfuge is not a safety property and a non-interference style security-property based interpretation is proposed.
Domains
Computer Science [cs]
Origin: Files produced by the author(s)