Abstract
We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hu, J., Khan, K.M., Bai, Y., Zhang, Y. (2012). Compliance Checking for Usage-Constrained Credentials in Trust Negotiation Systems. In: Gollmann, D., Freiling, F.C. (eds) Information Security. ISC 2012. Lecture Notes in Computer Science, vol 7483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33383-5_18
DOI: https://doi.org/10.1007/978-3-642-33383-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33382-8
Online ISBN: 978-3-642-33383-5
eBook Packages: Computer Science, Computer Science (R0)