Abstract
Trust management (TM) is a promising approach for authorization and access control in distributed systems, based on signed distributed policy statements expressed in a policy language. Although several TM languages are semantically equivalent to subsets of Datalog, Datalog is not suffciently expressive for ifne-grained control of structured resources. We define the class of linearly decomposable unary constraint domains, prove that Datalog extended with constraints in any combination of such constraint domains is tractable, and show that permissions associated with structured resources fall into this class. We also present a concrete declarative TM language, RT C 1 , based on constraint Datalog, and use constraint Datalog to analyze another TM system, KeyNote, which turns out to be less expressive than RT C 1 in significant respects, yet less tractable in the worst case. Although constraint Datalog has been studied in the context of constraint databases, TM applications involve different kinds of constraint domains and have different computational complexity requirements.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Olav Bandmann and Mads Dam. A note on SPKI’s authorization syntax. In Pre-Proceedings of 1st Annual PKI Research Workshop, April 2002. Available from http://www.cs.dartmouth.edu/~pki02/.
Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati. An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems, 23(3):231–285, 1998.
Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The KeyNote trust-management system, version 2. IETF RFC 2704, September 1999.
Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164–173. IEEE Computer Society Press, May 1996.
Jan Chomicki, Dina Goldin, Gabriel Kuper, and David Toman. Variable independence in constraint databases, November 2001. In final review for IEEE Transactions on Knowledge and Data Engineering.
John DeTreville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 105–113. IEEE Computer Society Press, May 2002.
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. SPKI certificate theory. IETF RFC 2693, September 1999.
Jonathan R. Howell. Naming and sharing resources acroos administrative boundaries. PhD thesis, Dartmouth College, May 2000.
Joxan Jaffar and Michael J. Maher. Constraint logic programming: A survey. Journal of Logic Programming, 19/20:503–580, 1994.
Trevor Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106–115. IEEE Computer Society Press, May 2001.
Paris C. Kanellakis, Gabriel M. Kuper, and Peter Z. Revesz. Constraint query languages. Journal of Computer and System Sciences, 51(1):26–52, August 1995. Preliminary version appeared in Proceedings of the 9th ACM Symposium on Principles of Database Systems (PODS), 1990.
Gabriel Kuper, Leonid Libkin, and Jan Paredaens, editors. Constraint Databases. Springer, 2000.
Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable Delegation Logic. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, pages 27–42. IEEE Computer Society Press, May 2000.
Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. Delegation Logic: A logicbased approach to distributed authorization. ACM Transaction on Information and System Security (TISSEC), February 2003. To appear.
Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a rolebased trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130. IEEE Computer Society Press, May 2002.
Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed credential chain discovery in trust management. To appear in Journal of Computer Security. Extended abstract appeared in Proceedings of the Eighth ACM Conference on Computer and Communications Security (CCS-8), November 2001.
Yuri V. Matiyasevich. Hilbert’s Tenth Problem. The MIT Press, 1993.
Peter Z. Revesz. Constraint databases: A survey. In L. Libkin and B. Thalheim, editors, Semantics in Databases, number 1358 in LNCS, pages 209–246. Springer, 1998.
Peter Z. Revesz. Safe Datalog queries with linear constraints. In Proceedings of the 4th International Conference on Principles and Practice of Constraint Programming (CP98), number 1520 in LNCS. Springer, 1998.
David Toman. Memoing evaluation for constraint extensions of Datalog. Constraints: An International Journal, 2:337–359, 1997.
David Toman and Jan Chomicki. Datalog with integer periodicity constraints. Journal of Logic programming, 35:263–290, 1994.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, N., Mitchell, J.C. (2003). Datalog with Constraints: A Foundation for Trust Management Languages. In: Dahl, V., Wadler, P. (eds) Practical Aspects of Declarative Languages. PADL 2003. Lecture Notes in Computer Science, vol 2562. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36388-2_6
Download citation
DOI: https://doi.org/10.1007/3-540-36388-2_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00389-2
Online ISBN: 978-3-540-36388-0
eBook Packages: Springer Book Archive