Results 1 - 10 of 196
Design of a role-based trust management framework
- In Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002
Cited by 362 (42 self)
We introduce the RT framework, a family of Role-based Trust-management languages for representing policies and credentials in distributed authorization. RT combines the strengths of role-based access control and trust-management systems and is especially suitable for attribute-based access control. Using a few simple credential forms, RT provides localized authority over roles, delegation in role definition, linked roles, and parameterized roles. RT also introduces manifold roles, which can be used to express threshold and separation-of-duty policies, and delegation of role activations. We formally define the semantics of credentials in the RT framework by presenting a translation from credentials to Datalog rules. This translation also shows that this semantics is algorithmically tractable.
Delegation Logic: A Logic-based Approach to Distributed Authorization
- ACM Transactions on Information and System Security, 2000
Cited by 243 (14 self)
We address the problem of authorization in large-scale, open...
Automated trust negotiation
- In DARPA Information Survivability Conference and Exposition, volume I, 2000
Cited by 241 (18 self)
Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called “safe” in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as “what needs to be protected in ATN?” and “what are the security requirements?” are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus
Design and Implementation of the idemix Anonymous Credential System
- 2002
Cited by 162 (12 self)
Anonymous credential systems [8, 9, 12, 24] allow anonymous yet authenticated and accountable transactions between users and service providers. As such, they represent a powerful technique for protecting users' privacy when conducting Internet transactions. In this paper, we describe the design and implementation of an anonymous credential system based on the protocols developed by [6]. The system is based on new high-level primitives and interfaces allowing for easy integration into access control systems. The prototype was realized in Java. We demonstrate its use and some deployment issues with the description of an operational demonstration scenario.
Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation
- ACM Transactions on Information and System Security, 2003
Cited by 156 (22 self)
... this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation, for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory both for black-box propositional credentials and credentials with internal structure, and for access control policies whose contents are (resp. are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation
RT: A Role-based Trust-management Framework
- 2003
Cited by 143 (7 self)
The RT Role-based Trust-management framework provides policy language, semantics, deduction engine, and pragmatic features such as application domain specification documents that help distributed users maintain consistent use of policy terms. This paper provides a general overview of the framework, combining some aspects described in previous publications with recent improvements and explanation of motivating applications.
A Survey of Trust in Computer Science and the Semantic Web
- 2007
Cited by 142 (3 self)
Trust is an integral component in many kinds of human interaction, allowing people to act under uncertainty and with the risk of negative consequences. For example, exchanging money for a service, giving access to your property, and choosing between conflicting sources of information all may utilize some form of trust. In computer science, trust is a widely-used term whose definition differs among researchers and application areas. Trust is an essential component of the vision for the Semantic Web, where both new problems and new applications of trust are being studied. This paper gives an overview of existing trust research in computer science and the Semantic Web.
Datalog with Constraints: A Foundation for Trust Management Languages
- In PADL ’03: Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, 2003
Cited by 121 (11 self)
Trust management (TM) is a promising approach for authorization and access control in distributed systems, based on signed distributed policy statements expressed in a policy language. Although several TM languages are semantically equivalent to subsets of Datalog, Datalog is not sufficiently expressive for fine-grained control of structured resources. We define the class of linearly decomposable unary constraint domains, prove that Datalog extended with constraints in any combination of such constraint domains is tractable, and show that permissions associated with structured resources fall into this class. We also present a concrete declarative TM language, RT1, based on constraint Datalog, and use constraint Datalog to analyze another TM system, KeyNote, which turns out to be less expressive than RT1 in significant respects, yet less tractable in the worst case. Although constraint Datalog has been studied in the context of constraint databases, TM applications involve different kinds of constraint domains and have different computational complexity requirements.
Towards practical automated trust negotiation
- In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy 2002), 2002
Cited by 106 (12 self)
Exchange of attribute credentials is a means to establish mutual trust between strangers that wish to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive credentials by using access control policies. Existing ATN work makes unrealistic simplifying assumptions about credential-representation languages and credential storage. Moreover, while existing work protects the transmission of credentials, it fails to hide the contents of credentials, thus providing uncontrolled access to potentially sensitive attributes. To protect information about sensitive attributes, we introduce the notion of attribute acknowledgment policies (Ack policies). We then introduce the trust target graph (TTG) protocol, which supports a more realistic credential language, Ack policies, and distributed storage of credentials.
Driving and Monitoring Provisional Trust Negotiation with Metapolicies
- In Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, 2005
Cited by 94 (33 self)
We introduce the provisional trust negotiation framework PROTUNE, for combining distributed trust management policies with provisional-style business rules and access-control related actions. The framework features a powerful declarative metalanguage for driving some critical negotiation decisions, and integrity constraints for monitoring negotiations and credential disclosure.