@inproceedings{4d27db844d6b4930b4e7cf47333391d2,
title = "Avoiding information leakage in security-policy-aware planning",
abstract = "In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.",
keywords = "Obligations, Policy, Scheduling",
author = "Keith Irwin and Ting Yu and Winsborough, \{William H.\}",
year = "2008",
doi = "10.1145/1456403.1456418",
language = "English",
isbn = "9781605582894",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",
pages = "85--94",
booktitle = "Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, WPES'08,Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08",
address = "United States",
note = "7th ACM Workshop on Privacy in the Electronic Society, WPES'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 ; Conference date: 27-10-2008 Through 31-10-2008",
}