Authorization in trust management

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Authorization in trust management: Features and foundations

Full text

Pdf (446 KB)

Source

ACM Computing Surveys (CSUR) archive
Volume 40 , Issue 3 (August 2008) table of contents

Article No. 9

Year of Publication: 2008

ISSN:0360-0300

Authors

Peter C. Chapin	University of Vermont, Burlington, VT
Christian Skalka	University of Vermont, Burlington, VT
X. Sean Wang	University of Vermont, Burlington, VT

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 67, Downloads (12 Months): 852, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1380584.1380587 What is a DOI?

ABSTRACT

Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern state-of-the-art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi, On SDSI's linked local name spaces, Journal of Computer Security, v.6 n.1-2, p.3-21, Sept. 1998
	2	Martín Abadi, Logic in Access Control, Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science, p.228, June 22-25, 2003
	3	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	4	Sameer Ajmani , Dwaine E. Clarke , Chuang-Hue Moh , Steven Richman, ConChord: Cooperative SDSI Certificate Storage and Name Resolution, Revised Papers from the First International Workshop on Peer-to-Peer Systems, p.141-154, March 07-08, 2002
	5	Andrew W. Appel , Edward W. Felten, Proof-carrying authentication, Proceedings of the 6th ACM conference on Computer and communications security, p.52-62, November 01-04, 1999, Kent Ridge Digital Labs, Singapore [doi>10.1145/319709.319718]
	6	Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002 [doi>10.1145/581271.581276]
	7	Ljudevit Bauer , Andrew W. Appel, Access control for the web via proof-carrying authorization, Princeton University, Princeton, NJ, 2003
	8	Lujo Bauer , Michael A. Schneider , Edward W. Felten, A General and Flexible Access-Control System for the Web, Proceedings of the 11th USENIX Security Symposium, p.93-108, August 05-09, 2002
	9	Becker, M. Y. 2005. Cassandra: Flexible trust management and its application to electronic health records. Tech. rep. 648, University of Cambridge.
	10	Cassandra: Distributed Access Control Policies with Tunable Expressiveness, Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, p.159, June 07-09, 2004
	11	Moritz Y. Becker , Peter Sewell, Cassandra: Flexible Trust Management, Applied to Electronic Health Records, Proceedings of the 17th IEEE workshop on Computer Security Foundations, p.139, June 28-30, 2004 [doi>10.1109/CSFW.2004.7]
	12	Elisa Bertino , Barbara Catania , Elena Ferrari , Paolo Perlasca, A logical framework for reasoning about access control models, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.71-127, February 2003 [doi>10.1145/605434.605437]
	13	M. Blaze , J. Feigenbaum , J. Ioannidis , A. Keromytis, The KeyNote Trust-Management System Version 2, RFC Editor, 1999
	14	Matt Blaze , Joan Feigenbaum , John Ioannidis , Angelos D. Keromytis, The role of trust management in distributed systems security, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	15	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	16	Matt Blaze , Joan Feigenbaum , Martin Strauss, Compliance Checking in the PolicyMaker Trust Management System, Proceedings of the Second International Conference on Financial Cryptography, p.254-274, February 23-25, 1998
	17	Trust management for IPsec, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.95-118, May 2002 [doi>10.1145/505586.505587]
	18	Blaze, M., Ioannidis, J., and Keromytis, A. D. 2003. Experience with the keynote trust management system: Applications and future directions. In Proceedings of the 1st International Conference on Trust Management. Springer-Verlag, 284--300.
	19	Bonatti, P. and Olmedilla, D. 2005a. Policy language specification. REWERSE Deliverable I2-D2, http://rewerse.net/deliverables.html.
	20	Piero Bonatti , Pierangela Samarati, Regulating service access and information release on the Web, Proceedings of the 7th ACM conference on Computer and communications security, p.134-143, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352620]
	21	Piero A. Bonatti , Pierangela Samarati, A uniform framework for regulating service access and information release on the web, Journal of Computer Security, v.10 n.3, p.241-271, 2002
	22	Bonatti, P. and Samarati, P. 2003. Logics for authorizations and security. In Logics for Emerging Applications of Databases, J. Chomicki, R. van der Meyden, and G. Saake, Eds. Springer-Verlag.
	23	Piero Bonatti , Daniel Olmedilla, Driving and Monitoring Provisional Trust Negotiation with Metapolicies, Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, p.14-23, June 06-08, 2005 [doi>10.1109/POLICY.2005.13]
	24	Bonatti, P. A., Olmedilla, D., and Peer, J. 2006. Advanced policy queries. In Proceedings of the 17th European Conference on Artificial Intelligence. IOS Press, 200--204.
	25	Michael Burrows , Martin Abadi , Roger Needham, A logic of authentication, ACM Transactions on Computer Systems (TOCS), v.8 n.1, p.18-36, Feb. 1990 [doi>10.1145/77648.77649]
	26	Yang-Hua Chu , Joan Feigenbaum , Brian LaMacchia , Paul Resnick , Martin Strauss, Referee: trust management for Web applications, World Wide Web Journal, v.2 n.3, p.127-139, Summer 1997
	27	Dwaine Clarke , Jean-Emile Elien , Carl Ellison , Matt Fredette , Alexander Morcos , Ronald L. Rivest, Certificate chain discovery in SPKI?SDSI, Journal of Computer Security, v.9 n.4, p.285-322, January 2001
	28	John DeTreville, Binder, a Logic-Based Security Language, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.105, May 12-15, 2002
	29	DeTreville, J. 2002b. Making certificates programmable. In Proceedings of the 1st Annual PKI Workshop. Hanover, NH.
	30	Nathan Dimmock , András Belokosztolszki , David Eyers , Jean Bacon , Ken Moody, Using trust and risk in role-based access control policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA [doi>10.1145/990036.990062]
	31	Thomas Eiter , Georg Gottlob , Heikki Mannila, Disjunctive datalog, ACM Transactions on Database Systems (TODS), v.22 n.3, p.364-418, Sept. 1997 [doi>10.1145/261124.261126]
	32	C. Ellison , B. Frantz , B. Lampson , R. Rivest , B. Thomas , T. Ylonen, SPKI Certificate Theory, RFC Editor, 1999
	33	Ferraiolo, D. and Kuhn, R. 1992. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference. 554--563.
	34	Gavriloaie, R., Nejdl, W., Olmedilla, D., Seamons, K. E., and Winslett, M. 2004. No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic Web. In Proceedings of the 1st European Semantic Web Symposium. Lecture Notes in Computer Science, vol. 3053. Springer, 342--356.
	35	Gunter, C. A. and Jim, T. 1997. Design of an application-level security infrastructure. In Proceedings of the DIMACS Workshop on Design and Formal Verification of Security Protocols.
	36	Carl A. Gunter , Trevor Jim, Generalized certificate revocation, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.316-329, January 19-21, 2000, Boston, MA, USA [doi>10.1145/325694.325736]
	37	Carl A. Gunter , Trevor Jim, Policy-directed certificate retrieval, Software—Practice & Experience, v.30 n.15, p.1609-1640, Dec. 2000 [doi>10.1002/1097-024X(200012)30:15<1609::AID-SPE334>3.0.CO;2-5]
	38	Gunter, C. A., Jim, T., and Wang, B.-Y. 1997. Authenticated data distribution using query certificate managers. unpublished extended abstract.
	39	Joseph Y. Halpern , Ron Van der Meyden, A Logic for SDSI's Linked Local Name Spaces: Preliminary Version, Proceedings of the 12th IEEE workshop on Computer Security Foundations, p.111, June 28-30, 1999
	40	Joseph Y. Halpern , Ron Van der Meyden, A Logical Reconstruction of SPKI, Proceedings of the 14th IEEE workshop on Computer Security Foundations, p.59, June 11-13, 2001
	41	Hayton, R. J., Bacon, J. M., and Moody, K. 1998. OASIS: Access control in an open distributed environment. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 3--14.
	42	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	43	John A. Hine , Walt Yao , Jean Bacon , Ken Moody, An architecture for distributed OASIS services, IFIP/ACM International Conference on Distributed systems platforms, p.104-120, April 03-07, 2000, New York, New York, United States
	44	Jonathan R. Howell , David Kotz, Naming and sharing resources across administrative boundaries, Dartmouth College, Hanover, NH, 2000
	45	Jon Howell , David Kotz, A Formal Semantics for SPKI, Dartmouth College, Hanover, NH, 2000
	46	International Telecommunications Union. 2000. Information Technology—Open Systems Interconnection—The Directory: Public Key and Attribute Certificate Frameworks. International Telecommunications Union.
	47	International Telecommunications Union 2001. Information Technology—Open Systems Interconnection—The Directory: Overview of Concepts, Models, and Services. International Telecommunications Union.
	48	Jaffar, J. and Maher, M. J. 1994. Constraint logic programming: A survey. J. Logic Program. 19/20, 503--581.
	49	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001 [doi>10.1145/383891.383894]
	50	S. Jha , T. Reps, Analysis of SPKI/SDSI Certificates Using Model Checking, Proceedings of the 15th IEEE workshop on Computer Security Foundations, p.129, June 24-26, 2002
	51	Trevor Jim, SD3: A Trust Management System with Certified Evaluation, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.106, May 14-16, 2001
	52	Trevor Jim , Dan Suciu, Dynamically distributed query evaluation, Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.28-39, May 2001, Santa Barbara, California, United States [doi>10.1145/375551.375557]
	53	Ninghui Li, Local Names in SPKI/SDSI, Proceedings of the 13th IEEE workshop on Computer Security Foundations, p.2, July 03-05, 2000
	54	Ninghui Li , Joan Feigenbaum, Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation, Proceedings of the 5th International Conference on Financial Cryptography, p.166-177, February 19-22, 2002
	55	Ninghui Li , Benjamin N. Grosof , Joan Feigenbaum, Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.128-171, February 2003 [doi>10.1145/605434.605438]
	56	Ninghui Li , C. Mitchell, Understanding SPKI/SDSI using first-order logic, International Journal of Information Security, v.5 n.1, p.48-64, January 2006 [doi>10.1007/s10207-005-0073-0]
	57	Ninghui Li , John C. Mitchell, DATALOG with Constraints: A Foundation for Trust Management Languages, Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, p.58-73, January 13-14, 2003
	58	Li, N. and Mitchell, J. C. 2003b. RT: A role-based trust-management framework. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition. IEEE Computer Society Press, 201--212.
	59	Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
	60	Ninghui Li , John C. Mitchell , William H. Winsborough, Beyond proof-of-compliance: security analysis in trust management, Journal of the ACM (JACM), v.52 n.3, p.474-514, May 2005 [doi>10.1145/1066100.1066103]
	61	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
	62	Liu, Y. D. and Smith, S. 2002. A component security infrastructure. In Proceedings of the Foundations of Computer Security Workshop.
	63	Patrick McDaniel , Aviel D. Rubin, A Response to ''Can We Eliminate Certificate Revocation Lists?'', Proceedings of the 4th International Conference on Financial Cryptography, p.245-258, February 20-24, 2000
	64	George C. Necula, Proof-carrying code, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.106-119, January 15-17, 1997, Paris, France [doi>10.1145/263699.263712]
	65	Nikander, P. and Viljanen, L. 1998. Storing and retrieving internet certificates. In Proceedings of the 3rd Nordic Workshop on Secure IT Systems.
	66	OASIS. 2006a. OASIS eXtensible access control markup language technical committee. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.
	67	OASIS. 2006b. OASIS security services technical committee. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
	68	OASIS. 2006c. OASIS Web services security technical committee. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
	69	Office of Technology Assessment. 1993. Protecting Privacy in Computerized Medical Information. OTA-TCT-576. U.S. Government Printing Office.
	70	Jeff Polakow , Christian Skalka, Specifying distributed trust management in LolliMon, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada [doi>10.1145/1134744.1134753]
	71	Paul Resnick , James Miller, PICS: Internet access controls without censorship, Communications of the ACM, v.39 n.10, p.87-93, Oct. 1996 [doi>10.1145/236156.236175]
	72	Ronald L. Rivest, Can We Eliminate Certificate Revocations Lists?, Proceedings of the Second International Conference on Financial Cryptography, p.178-183, February 23-25, 1998
	73	Rivest, R. L. and Lampson, B. 1996a. SDSI—A simple distributed security infrastructure. version 1.0. http://theory.lcs.mit.edu/~rivest/sdsi10.html.
	74	Rivest, R. L. and Lampson, B. 1996b. SDSI—A simple distributed security infrastructure. version 1.1. http://theory.lcs.mit.edu/~rivest/sdsi11.html.
	75	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	76	Seamons, K., Winsborough, W., and Winslett, M. 1997. Internet credential acceptance policies. In Proceedings of the Workshop on Logic Programming for Internet Applications. Leuven, Belgium.
	77	Seamons, K., Winslett, M., and Yu, T. 2001. Limiting the disclosure of access control policies during automated trust negotiation.
	78	K. Seamons , M. Winslett , T. Yu , B. Smith , E. Child , J. Jacobson , H. Mills , L. Yu, Requirements for Policy Languages for Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.68, June 05-07, 2002
	79	Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th IEEE workshop on Computer Security Foundations, p.183, June 10-12, 1997
	80	Christian Skalka , X. Sean Wang , Peter Chapin, Risk management for distributed authorization, Journal of Computer Security, v.15 n.4, p.447-489, September 2007
	81	S. G. Stubblebine, Recent-secure authentication: enforcing revocation in distributed systems, Proceedings of the 1995 IEEE Symposium on Security and Privacy, p.224, May 08-10, 1995
	82	Stuart G. Stubblebine , Rebecca N. Wright, An authentication logic supporting synchronization, revocation, and recency, Proceedings of the 3rd ACM conference on Computer and communications security, p.95-105, March 14-15, 1996, New Delhi, India [doi>10.1145/238168.238195]
	83	David Toman, Memoing Evaluation for Constraint Extensions of Datalog, Constraints, v.2 n.3-4, p.337-359, 1997 [doi>10.1023/A:1009799613661]
	84	Stephen Weeks, Understanding Trust Management Systems, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.94, May 14-16, 2001
	85	N. Li , W. Winsborough, Towards Practical Automated Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.92, June 05-07, 2002
	86	Winsborough, W. H. and Li, N. 2004. Safety in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 147.
	87	Winsborough, W. H., Seamons, K. E., and Jones, V. E. 2000. Automated trust negotiation. In Procedings of the DARPA Information Survivability Conference and Exposition. Vol. 1. IEEE Computer Society, 88--102.
	88	Marianne Winslett , Neil Ching , Vicki Jones , Igor Slepchin, Assuring security and privacy for digital library transactions on the Web: client and server security policies, Proceedings of the IEEE international forum on Research and technology advances in digital libraries, p.140-151, May 07-09, 1997, Washington, D.C., United States
	89	Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002 [doi>10.1109/MIC.2002.1067734]
	90	Edward Wobber , Martín Abadi , Michael Burrows , Butler Lampson, Authentication in the Taos operating system, ACM SIGOPS Operating Systems Review, v.27 n.5, p.256-269, Dec. 1993
	91	Woo, T. Y. C. and Lam, S. S. 1993. Authorizations in distributed systems: A new approach. J. Comput. Secur. 2, 2-3, 107--136.
	92	XSB Inc. 2006. XSB home page. http://xsb.sourceforge.net.
	93	Ting Yu , Xiaosong Ma , Marianne Winslett, PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet, Proceedings of the 7th ACM conference on Computer and communications security, p.210-219, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352633]
	94	Ting Yu , Marianne Winslett , Kent E. Seamons, Interoperable strategies in automated trust negotiation, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.502004]