Abstract
Trust-management subjects face the problem of discovering credential chains. This paper proposes distributed credential chain discovery algorithms for trust management with parameterized roles. The algorithms extend those of RT0 and are likewise goal-oriented. Based on the concept of parameterized roles in RT1, they search the credential graph via constant-matching and variable-solving mechanisms. The algorithms can perform chain discovery in most trust-management systems and can support the protection of access control policies during automated trust negotiation. Soundness and completeness of the algorithms are given.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhu, X., Wang, S., Hong, F., Liao, J. (2005). Distributed Credential Chain Discovery in Trust-Management with Parameterized Roles. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds) Cryptology and Network Security. CANS 2005. Lecture Notes in Computer Science, vol 3810. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599371_27
DOI: https://doi.org/10.1007/11599371_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30849-2
Online ISBN: 978-3-540-32298-6
eBook Packages: Computer Science (R0)