Abstract
DKAL is a new expressive high-level authorization language. It has been successfully tried at Microsoft which led to further improvements of the language itself. One improvement is the separation of concerns between static core policies and dynamic workflow; important safety properties can be proved from the core policies alone, independently from the workflow. Another improvement is true decentralization; different principals live in different worlds exchanging information by means of communication and filtering assertions. We also present some complexity results.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems 15(4), 706–734 (1993)
Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: Design and Semantics of a Decetralized Authorization Language. In: 20th IEEE Computer Security Foundations Symposium (CSF), pp. 3–15 (2007)
Blass, A., Gurevich, Y.: Two Forms of One Useful Logic: Existential Fixed Point Logic and Liberal Datalog. Bulletin of the European Association for Theoretical Computer Science 95, 164–182 (2008)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proc. 1996 IEEE Symposium on Security and Privacy, pp. 164–173 (1996)
DeTreville, J.: Binder, a Logic-Based Security Language. In: IEEE Symposium on Security and Privacy, pp. 105–113 (2002)
Gurevich, Y., Neeman, I.: DKAL: Distributed-Knowledge Authorization Language. In: 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 149–162 (2008)
Gurevich, Y., Neeman, I.: DKAL 2 — A Simplified and Improved Authorization Language. Microsoft Research Tech Report MSR-TR-2009-11 (February 2009)
Gurevich, Y., Roy, A.: Operational Semantics for DKAL: Application and Analysis. Microsoft Research Tech Report MSR-TR-2008-184 (December 2008)
Li, N.: Delegation Logic: A Logic-Based Approach to Distributed Authorization, Ph.D. thesis, New York University (September 2000)
Li, N., Grosof, B.N., Feigenbaum, J.: Delegation Logic: A Logic-Based Approach to Distributed Authorization. ACM Trans. on Information and System Security (TISSEC) 6(1), 128–171 (2003)
Li, N., Winsborough, W.H., Mitchell, J.C.: Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management. In: Proceedings of 2003 IEEE Symposium on Security and Privacy, May 2003, pp. 123–139 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gurevich, Y., Roy, A. (2009). Operational Semantics for DKAL: Application and Analysis. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2009. Lecture Notes in Computer Science, vol 5695. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03748-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-03748-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03747-4
Online ISBN: 978-3-642-03748-1
eBook Packages: Computer ScienceComputer Science (R0)