Reference : Postulates for Revocation Schemes
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Computational Sciences
http://hdl.handle.net/10993/29413
Postulates for Revocation Schemes
English
Cramer, Marcos mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Casini, Giovanni mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
18-Jan-2017
Principles of Security and Trust. Proceedings of the 6th International Conference POST 2017
Cramer, Marcos mailto
Casini, Giovanni mailto
Springer
LNCS, volume 10204
232-252
Yes
No
International
978-3-662-54454-9
6th International Conference on Principles of Security and Trust (POST)
22-29 April 2017
Uppsala
Sweden
[en] access control ; delegation ; permission
[en] In access control frameworks with the possibility of delegating
permissions and administrative rights, delegation chains can form. There
are di erent ways to treat these delegation chains when revoking rights,
which give rise to di erent revocation schemes. Hagstr om et al. [11] proposed
a framework for classifying revocation schemes, in which the di erent
revocation schemes are de ned graph-theoretically. At the outset, we identify
multiple problems with Hagstr om et al.'s de nitions of the revocation
schemes, which can pose security risks. This paper is centered around the
question how one can systematically ensure that improved de nitions of the
revocation schemes do not lead to similar problems. For this we propose to
apply the axiomatic method originating in social choice theory to revocation
schemes. Our use of the axiomatic method resembles its use in belief revision
theory. This means that we de ne postulates that describe the desirable behaviour
of revocation schemes, study which existing revocation frameworks
satisfy which postulates, and show how all de ned postulates can be satis ed
by de ning the revocation schemes in a novel way.
Researchers
http://hdl.handle.net/10993/29413
https://link.springer.com/chapter/10.1007/978-3-662-54455-6_11
The original paper has been published by Springer (https://link.springer.com/chapter/10.1007/978-3-662-54455-6_11). The content of the present version corresponds to the published version, plus the proofs of the propositions.
FnR ; FNR4758104 > Leon Van Der Torre > SIEP > Specification logics and Inference tools for verification and Enforcement of Policies > 01/06/2012 > 30/04/2017 > 2011

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
AEL_revocation_tech_rep.pdfAuthor postprint299.06 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.