Tools
Sorted by:
Try your query at:
 |
 |
 |
 |
 |
 |
Results 1 - 10
of
340
Decentralized Trust Management
- In Proceedings of the 1996 IEEE Symposium on Security and Privacy
, 1996
"... We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, an ..."
Abstract
-
Cited by 1025 (24 self)
- Add to MetaCart
approach to trust management, based on a simple language for specifying trusted actions and trust relationships. It also describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services
Safe Kernel Extensions Without Run-Time Checking
- Proc. of OSDI'96
"... Abstract This paper describes a mechanism by which an operating system kernel can determine with certainty that it is safe to execute a binary supplied by an untrusted source. The kernel first defines a safety policy and makes it public. Then, using this policy, an application can provide binaries i ..."
Abstract
-
Cited by 429 (20 self)
- Add to MetaCart
in a special form called proof-carrying code, or simply PCC. Each PCC binary contains, in addition to the native code, a formal proof that the code obeys the safety policy. The kernel can easily validate the proof without using cryptography and without consulting any external trusted entities
Design of a role-based trust management framework
- In Proceedings of the 2002 IEEE Symposium on Security and Privacy
, 2002
"... We introduce the RT framework, a family of Rolebased Trust-management languages for representing policies and credentials in distributed authorization. RT combines the strengths of role-based access control and trustmanagement systems and is especially suitable for attributebased access control. Usi ..."
Abstract
-
Cited by 362 (42 self)
- Add to MetaCart
We introduce the RT framework, a family of Rolebased Trust-management languages for representing policies and credentials in distributed authorization. RT combines the strengths of role-based access control and trustmanagement systems and is especially suitable for attributebased access control
Requirements for policy languages for trust negotiation
- In 3rd International Workshop on Policies for Distributed Systems and Networks
, 2002
"... In open systems like the Internet, traditional approaches to security based on identity do not provide a solution to the problem of establishing trust between strangers, because strangers do not share the same security domain. A new approach to establishing trust between strangers is trust negotiati ..."
Abstract
-
Cited by 81 (8 self)
- Add to MetaCart
describe a model for trust negotiation, focusing on the central role of policies. We delineate requirements for policy languages and runtime systems for trust negotiation, and evaluate four existing policy languages for trust management with respect to those requirements. We conclude with recommendations
REFEREE: Trust Management for Web Applications
"... Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipula ..."
Abstract
-
Cited by 137 (7 self)
- Add to MetaCart
for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control
Datalog with Constraints: A Foundation for Trust Management Languages
- In PADL ’03: Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
, 2003
"... Trust management (TM) is a promising approach for authorization and access control in distributed systems, based on signed distributed policy statements expressed in a policy language. Although several TM languages are semantically equivalent to subsets of Datalog, Datalog is not su#ciently expr ..."
Abstract
-
Cited by 121 (11 self)
- Add to MetaCart
Trust management (TM) is a promising approach for authorization and access control in distributed systems, based on signed distributed policy statements expressed in a policy language. Although several TM languages are semantically equivalent to subsets of Datalog, Datalog is not su
RT: A Role-based Trust-management Framework
, 2003
"... The RT Role-based Trust-management framework provides policy language, semantics, deduction engine, and pragmatic features such as application domain specification documents that help distributed users maintain consistent use of policy terms. This paper provides a general overview of the framework, ..."
Abstract
-
Cited by 143 (7 self)
- Add to MetaCart
The RT Role-based Trust-management framework provides policy language, semantics, deduction engine, and pragmatic features such as application domain specification documents that help distributed users maintain consistent use of policy terms. This paper provides a general overview of the framework
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
- In Proceedings of the 2000 IEEE Symposium on Security and Privacy
, 2000
"... The Internet enables connectivity between many strangers- entities that don't know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow compl ..."
Abstract
-
Cited by 190 (3 self)
- Add to MetaCart
The Internet enables connectivity between many strangers- entities that don't know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow
Cassandra: flexible trust management, applied to electronic health records
- In 17th IEEE Computer Security Foundations Workshop (CSFW
, 2004
"... We study the specification of access control policy in large-scale distributed systems. We present Cassandra, a language and system for expressing policy, and the results of a substantial case study, a security policy for a national Electronic Health Record system, based on the requirements for the ..."
Abstract
-
Cited by 128 (11 self)
- Add to MetaCart
credential-based access control (e.g. between administrative domains); and rules can refer to remote policies (for automatic credential retrieval and trust negotiation). Moreover, the policy language is small, and it has a formal semantics for query evaluation and for the access control engine. For the case
Towards practical automated trust negotiation
- In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy 2002
, 2002
"... Exchange of attribute credentials is a means to establish mutual trust between strangers that wish to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive credentials by using access control policies. Existing ATN wo ..."
Abstract
-
Cited by 106 (12 self)
- Add to MetaCart
Exchange of attribute credentials is a means to establish mutual trust between strangers that wish to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive credentials by using access control policies. Existing ATN
Results 1 - 10
of
340
