An audit logic for accountability

We describe a policy language and implement its associated proof checking system. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications.

[1]  Xin Wang,et al.  XrML -- eXtensible rights Markup Language , 2002, XMLSEC '02.

[2]  F. Pfenning Logic programming in the LF logical framework , 1991 .

[3]  Yee Wei Law,et al.  LicenseScript: a novel digital rights language and its semantics , 2003, Proceedings Third International Conference on WEB Delivering of Music.

[4]  Jaehong Park,et al.  Usage Control: A Vision for Next Generation Access Control , 2003, MMM-ACNS.

[5]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[6]  John DeTreville,et al.  Binder, a logic-based security language , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7]  Elisa Bertino,et al.  A logical framework for reasoning about access control models , 2001, SACMAT '01.

[8]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[9]  Jaehong Park,et al.  Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[10]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[11]  Jerry den Hartog,et al.  A Logic for Auditing Accountability in Decentralized Systems , 2004, Formal Aspects in Security and Trust.

[12]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[13]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[14]  Andrew W. Appel,et al.  Proof-carrying authentication , 1999, CCS '99.

[15]  Frank Pfenning,et al.  System Description: Twelf - A Meta-Logical Framework for Deductive Systems , 1999, CADE.

[16]  Martín Abadi,et al.  By reason and authority: a system for authorization of proof-carrying code , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[17]  Martín Abadi,et al.  Logic in access control , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[18]  Paul Ashley,et al.  E-P3P privacy policies and privacy authorization , 2002, WPES '02.

[19]  George C. Necula,et al.  Compiling with proofs , 1998 .