Expressiveness of a Provenance-Enabled Authorization Logic

摘要

In distributed environments, access control decisions depend on statements of multiple agents rather than only one central trusted party. However, existing policy languages put few emphasis on authorization provenances. The capability of managing these provenances is important and useful in various security areas such as computer auditing and authorization recycling. Based on our previously proposed logic, we present several case studies of this logic. By doing this, we show its expressiveness and usefulness in security arena