Policy Specification for Digital Library Objects Related Links (aka Previous Work) Vicky Weissman

Related Links
Most of the links on this page point to internal copies.

Logics and Languages

Overview
"The Digital Dilemma - Intellectual Property in the Information Age", National Research Council, 2000

Henry M. Gladney and Jeff B. Lotspiech, "Safeguarding Digital Library Contents and Users, Storing, Sending, Showing, and Honoring Usage Terms and Conditions", D-Lib Magazine, May 1998

Sandra Payette and Carl Lagoze, "Policy-Enforcing, Policy-Carrying Digital Objects", Fourth European Conference on Research and Advanced Technology for Digital Libraries, Springer 2000

Various Logics/Languages
Overview
Joseph Y. Halpern, Ron van der Meyden and Fred B. Schneider, "Less is More: Logical Foundations for Trust Management."

Complete
M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. "A Calculus for Access Control in Distributed Systems". ACM Trans. Programming Languages and Systems, 15, 4 (Oct. 1993), pp 706-734.

Obligation
Janice Glasgow, Glenn MacEwen, and Prakash Panangaden, "A Logic for Reasoning about Security" ACM Transactions on Computer Systems, Aug. 1992

R. van der Meyden, "The Dynamic Logic of Permission" IEEE Symposium on Logic in Computer Science, Philadelphia, 1990

Consistency
Laurence Cholvy and Frederic Cuppens, "Analyzing Consistency of Security Policies" 18th IEEE Computer Society Symposium on Research in Security and Privacy, 1997

Frederic Cuppens, Laurence Cholvy, Claire Saurel, and Jerome Carrere, "Merging security policies: analysis of a practical example" PCSFW: Proceedings of The 11th Computer Security Foundations Workshop, 1998

J. Chomicki and J. Lobo, "Monitors for History-Based Policies" Proc. International Workshop of Policies for Distributed Systems and Networks, Policy 2001. LNCS 1995. January 2001

Addresses implementation
Sushil Jajodia, Pierangela Samarati, and V. S. Subrahmanian. "A Logical Language for Expressing Authorizations." IEEE Symposium on Security and Privacy, 1997

D. Wijesekera, S. Jajodia. "Policy Algebras for Access Control -- The Propositional Case" Proc. of the ACM Conference on Computer and Communications Security, November 5-8, 2001

Nicodemos Damianou, Naranker Dulay, Emil Lupu, and Morris Sloman, "The Ponder Policy Specification Language", Proc. International Workshop of Policies for Distributed Systems and Networks, Policy 2001. LNCS 1995. January 2001

Fred B. Schneider, "Enforceable Security Policies." July 26, 1999

James A. Hoagland, Raju Pandey, and Karl N. Levitt, "Security Policy Specification Using a Graphical Approach", 1998

Delegation
Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum, "A Logic-based Knowledge Representation for Authorization with Delegation" IBM Research Report RC 21492, May 28, 1999

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum, "A Practically Implementable and Tractable Delegation Logic" Proceedings of the 21st IEEE Symposium on Security and Privacy, IEEE Computer Society Press, May 2000, Oakland CA.

Ninghui LI, Benjamin Grosof, and Joan Feigenbaum, "A Nonmonotonic Delegation Logic with Prioritized Conflict Handling"

PolicyMaker/KeyNote
M. Blaze, J. Feigenbaum and J. Lacy, "Decentralized Trust Management." IEEE Conference on Security and Privacy, Oakland, CA. May 1996.
Software is called PolicyMaker.

Minna Kangasluoma, ""Policy Specification Languages", Nov. 11, 1999

XML
Collection
"The XML Cover Pages: XML and Digital Rights Management(DRM)

Individual languages
XrML - eXtensible rights Markup Language
Homepage: http://www.xrml.org
Specification: "XrMLSpec1.3.pdf"

Robin Cover "The XML Cover Pages: Digital Property Right's Language (DPRL)" June 20, 2001

"The Open Digital Rights Langauge Initiative"

Amir Herzberg, Yosi Mass, Joris Michaeli, Dalit Naor, and Yiftach Ravid, "Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers"

SPKI/SDSI
Joseph Y. Halpern and Ron van der Meyden, "A logical reconstruction of SPKI" Proc. IEEE Computer Security Foundations Workshop, 2001, pp. 59-70

Joseph Y. Halpern and Ron van der Meyden, "A Logic for SDSI's Linked Local Name Spaces" Journal of Computer Security, vol 9, number 1, 2, pp.75-104, 2001

Jon Howell and David Kotz, "A Formal Semantics for SPKI" Proc. of the Sixth European Symposium on Research in Computer Security, 2000, Lecture Notes in Computer Science #1895, pages 140-158

Dwaine Clarke, Jean-Emile Elien, Carl Ellison , Matt Fredette, Alexander Morcos, and Ronald L. Rivest, "Certificate Chain Discovery in SPKI/SDSI" manuscript, Nov. 1999 (to appear in Journal of Computer Security)

"SPKI Working Group"

Framework for comparing approaches
Stephen Weeks, "Understanding Trust Management Systems", IEEE Symposium on Security and Privacy, 2001

Sample Policies
Digital libraries
"Notes from Sandy Payette's interview with the Co-Directors of the Cornell Institute for Digital Collections"

William Yeo Arms, "Implementing Policies for Access Management" D-Lib Magazine, Feb 1998

Medical
Ross Anderson, "Security in Clinical Information Systems" British Medical Assocation, Jan. 12, 1996

Various
Computer Policy and Law - Cornell University

Questions concerning this project should be sent to Vicky Weissman.