ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Using trust and risk in role-based access control policies
Full text PdfPdf (222 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the ninth ACM symposium on Access control models and technologies table of contents
Yorktown Heights, New York, USA
SESSION: Access management for distributed systems table of contents
Pages: 156 - 162  
Year of Publication: 2004
ISBN:1-58113-872-5
Authors
Nathan Dimmock  University of Cambridge, Cambridge, UK
András Belokosztolszki  University of Cambridge, Cambridge, UK
David Eyers  University of Cambridge, Cambridge, UK
Jean Bacon  University of Cambridge, Cambridge, UK
Ken Moody  University of Cambridge, Cambridge, UK
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): ,   Downloads (12 Months): ,   Citation Count: 14
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/990036.990062
What is a DOI?

ABSTRACT

Emerging trust and risk management systems provide a framework for principals to determine whether they will exchange resources, without requiring a complete definition of their credentials and intentions. Most distributed access control architectures have far more rigid policy rules, yet in many respects aim to solve a similar problem. This paper elucidates the similarities between trust management and distributed access control systems by demonstrating how the OASIS access control system and its rôle-based policy language can be extended to make decisions on the basis of trust and risk analyses rather than on the basis of credentials alone. We apply our new model to the prototypical example of a file storage and publication service for the Grid, and test it using our Prolog-based OASIS implementation.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Alfarez Abdul-Rahman , Stephen Hailes, Supporting Trust in Virtual Communities, Proceedings of the 33rd Hawaii International Conference on System Sciences-Volume 6, p.6007, January 04-07, 2000
2
Karl Aberer , Zoran Despotovic, Managing trust in a peer-2-peer information system, Proceedings of the tenth international conference on Information and knowledge management, October 05-10, 2001, Atlanta, Georgia, USA  [doi>10.1145/502585.502638]
 
3
Ashton Applewhite. Getting the Grid. IEEE Distributed Systems Online, May 2002.
 
4
Jean Bacon , Ken Moody , Walt Yao, Access Control and Trust in the Use of Widely Distributed Services, Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg, p.295-310, November 12-16, 2001
5
Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002  [doi>10.1145/581271.581276]
 
6
Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
 
7
Marco Carbone, Mogens Nielsen, and Vladimiro Sassone. A formal model for trust in dynamic networks. Research Series RS-03-04, BRICS, Department of Computer Science, University of Aarhus, January 2003. EU Project SECURE IST-2001-32486 Deliverable 1.1.
 
8
Nathan Dimmock, How much is "enough"? Risk in Trust-Based Access Control, Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, p.281, June 09-11, 2003
 
9
Tyrone Grandison and Morris Sloman. A survey of trust in internet applications. IEEE Communications Society, Surveys and Tutorials, 3(4), 2000.
 
10
ISO/IEC JTC1/SC22 Working Group. ISO/IEC 9899 - Programming languages - C, 1999.
 
11
Audun Jøsang, A logic for uncertain probabilities, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, v.9 n.3, p.279-311, June 2001
 
12
Audun Jøsang, Elizabeth Gray, and Michael Kinateder. Analysing topologies of transitive trust. In Proceedings of the Workshop of Formal Aspects of Security and Trust (FAST), September 2003.
 
13
Lalana Kagal , Tim Finin , Anupam Joshi, Trust-Based Security in Pervasive Computing Environments, Computer, v.34 n.12, p.154-157, December 2001  [doi>10.1109/2.970591]
 
14
Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
 
15
Jean-Marc Seigneur, Stephen Farrell, Christian Damsgaard Jensen, Elizabeth Gray, and Chen Yong. End-to-end trust in pervasive computing starts with recognition. In Proceedings of the First International Conference on Security in Pervasive Computing, 2003.
 
16
Li Xiong and Ling Liu. Building trust in decentralized peer-to-peer electronic communities. In The 5th International Conference on Electronic Commerce Research, October 2002.
 
17
Walt Teh-Ming Yao. Fidelis: A policy-driven trust management framework. In Proc. of the 1st Intern'l Conf. on Trust Management, number 2692 in LNCS. Springer-Verlag, May 2003.
18
Bin Yu , Munindar P. Singh, An evidential model of distributed reputation management, Proceedings of the first international joint conference on Autonomous agents and multiagent systems: part 1, July 15-19, 2002, Bologna, Italy  [doi>10.1145/544741.544809]
 
19
Bharat K. Bhargava , Yuhui Zhong, Authorization Based on Evidence and Trust, Proceedings of the 4th International Conference on Data Warehousing and Knowledge Discovery, p.94-103, September 04-06, 2002

CITED BY  14
Rafae Bhatti , Elisa Bertino , Arif Ghafoor, A Trust-Based Context-Aware Access Control Model for Web-Services, Distributed and Parallel Databases, v.18 n.1, p.83-105, July 2005
Zaid Dwaikat , Francesco Parisi-Presicce, Risky trust: risk-based analysis of software systems, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
Yanjun Zuo , Brajendra Panda, Component based trust management in the context of a virtual organization, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Audun Jøsang , Dieter Gollmann , Richard Au, A method for access authorisation through delegation networks, Proceedings of the 2006 Australasian workshops on Grid computing and e-research, p.165-174, January 16-19, 2006, Hobart, Tasmania, Australia
Bader Ali , Wilfred Villegas , Muthucumaru Maheswaran, A trust based approach for protecting user data in social networks, Proceedings of the 2007 conference of the center for advanced studies on Collaborative research, October 22-25, 2007, Richmond Hill, Ontario, Canada
Tsung-Yi Chen , Yuh-Min Chen , Chin-Bin Wang , Hui-Chuan Chu , Huimei Yang, Secure resource sharing on cross-organization collaboration using a novel trust method, Robotics and Computer-Integrated Manufacturing, v.23 n.4, p.421-435, August, 2007
Carlos Sanchez , Le Gruenwald , Mauricio Sanchez, A Monte Carlo framework to evaluate context based security policies in pervasive mobile environments, Proceedings of the 6th ACM international workshop on Data engineering for wireless and mobile access, June 10-10, 2007, Beijing, China
Mohammad Gias Uddin , Mohammad Zulkernine, UMLtrust: towards developing trust-aware software, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Mohammad Gias Uddin , Mohammad Zulkernine , Sheikh Iqbal Ahamed, CAT: a context-aware trust model for open and dynamic systems, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Peter C. Chapin , Christian Skalka , X. Sean Wang, Authorization in trust management: Features and foundations, ACM Computing Surveys (CSUR), v.40 n.3, p.1-48, August 2008
Zhengping Wu , Alfred C. Weaver, Using web service enhancements to bridge business trust relationships, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Achim D. Brucker , Helmut Petritsch, Extending access control models with break-glass, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Mohammad Gias Uddin , Mohammad Zulkernine, ATM: an automatic trust monitoring algorithm for service software, Proceedings of the 2009 ACM symposium on Applied Computing, March 08-12, 2009, Honolulu, Hawaii
Li Yang , Alma Cemerlic, Integrating Dirichlet reputation into usage control, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, April 13-15, 2009, Oak Ridge, Tennessee

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.4 Distributed Systems

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Security


Keywords:
OASIS, SECURE, access control, risk, trust

Collaborative Colleagues:
Nathan Dimmock: colleagues
András Belokosztolszki: colleagues
David Eyers: colleagues
Jean Bacon: colleagues
Ken Moody: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player