Information carrying identity proof trees
Source
Workshop On Privacy In The Electronic Society archive
Proceedings of the 2007 ACM workshop on Privacy in electronic society table of contents
Alexandria, Virginia, USA
SESSION: Short papers table of contents
Pages: 76 - 79  
Year of Publication: 2007
ISBN:978-1-59593-883-1
Authors
William H. Winsborough  University of Texas at San Antonio, San Antonio, TX
Anna C. Squicciarini  Purdue University, West Lafayette, IN
Elisa Bertino  Purdue University, West Lafayette, IN
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1314333.1314348

ABSTRACT

In open systems, the verification of properties of subjects is crucial for authorization purposes. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. In this paper we provide an approach that an entity called a verifier can use to evaluate queries about properties of a subject requesting resources that are relevant to deciding whether the requested action is authorized. Specifically, we contribute techniques that enable reuse of previously computed query results. We consider issues related to temporal validity as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enables our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as an identity proof tree, that carries all information proving that a policy requirement is met.

