Skip to main content
SpringerLink
Log in

Selective Disclosure in Datalog-Based Trust Management

  • Conference paper
Book cover Security and Trust Management (STM 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8203))

Included in the following conference series:

  • 691 Accesses

Abstract

Credential-based and policy-based access control, also called trust management, is an elegant solution for access control in open decentralised systems. Existing solutions support very expressive policy languages, but suffer from usability and privacy issues. We present a light extension of Datalog-based trust management that supports both legacy authentication mechanisms and anonymous credentials. We motivate our design decisions and demonstrate the effectiveness of our language through a prototype implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lampson, B.W.: Protection. Operating Systems Review 8(1), 18–24 (1974)

    Article  Google Scholar 

  2. Miller, M., Yee, K.P., Shapiro, J., Inc, C.: Capability Myths Demolished. Technical report, Johns Hopkins University Systems Research Laboratory (2003)

    Google Scholar 

  3. Lee, A.J., Winslett, M., Basney, J., Welch, V.: The Traust Authorization Service. ACM Trans. Inf. Syst. Secur. 11(1) (2008)

    Google Scholar 

  4. Blaze, M., Feigenbaum, J., Keromytis, A.D.: The Role of Trust Management in Distributed Systems Security. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 185–210. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  5. di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Psaila, G., Samarati, P.: Integrating trust management and access control in data-intensive Web applications. TWEB 6(2), 6 (2012)

    Article  Google Scholar 

  6. Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates. MIT Press (2000)

    Google Scholar 

  7. Chaum, D.: Security Without Identification: Transaction Systems to Make Big Brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  8. Camenisch, J.L., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  9. Bellovin, S.M., Merritt, M.: Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM Conference on Computer and Communications Security, pp. 244–250. ACM (1993)

    Google Scholar 

  10. Camenisch, J., Casati, N., Gross, T., Shoup, V.: Credential Authenticated Identification and Key Exchange. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 255–276. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  11. Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages. IACR Cryptology ePrint Archive 2012, 284 (2012)

    Google Scholar 

  12. Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project. Journal of Computer Security 18(1), 123–160 (2010)

    Google Scholar 

  13. PrimeLife Project (2012), http://www.primelife.eu/ (accessed in December 2012)

  14. Li, J., Li, N., Winsborough, W.: Automated trust negotiation using cryptographic credentials. In: Proceedings of the 12th ACM conference on Computer and Communications Security, pp. 46–57. ACM (2005)

    Google Scholar 

  15. Camenisch, J., Mödersheim, S., Neven, G., Preiss, F.S., Sommer, D.: A card requirements language enabling privacy-preserving access control. In: Joshi, J.B.D., Carminati, B. (eds.) SACMAT, pp. 119–128. ACM (2010)

    Google Scholar 

  16. Frikken, K.B., Li, J., Atallah, M.J.: Trust Negotiation with Hidden Credentials, Hidden Policies, and Policy Cycles. In: NDSS. The Internet Society (2006)

    Google Scholar 

  17. Peirce, C.S.: Abduction and Induction. In: Buchler, J. (ed.) Philosophical Writings of Peirce. Dover Publications, Oxford (1955)

    Google Scholar 

  18. Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable Proofs and Delegatable Anonymous Credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  19. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java card. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 600–610. ACM (2009)

    Google Scholar 

  20. Schnorr, C.: Efficient Signature Generation for Smart Cards. Journal of Cryptology 4(3), 239–252 (1991)

    Article  MathSciNet  Google Scholar 

  21. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  22. Camenisch, J.L., Lysyanskaya, A.: A Signature Scheme with Efficient Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. Camenisch, J., Krenn, S., Shoup, V.: A Framework for Practical Universally Composable Zero-Knowledge Protocols. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 449–467. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  24. Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-Preserving Signatures and Commitments to Group Elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  25. Robinson, J.: A machine-oriented logic based on the resolution principle. Journal of the ACM (JACM) 12(1), 23–41 (1965)

    Article  MATH  Google Scholar 

  26. Ceri, S., Gottlob, G., Tanca, L.: What You Always Wanted to Know About Datalog (And Never Dared to Ask). IEEE Transactions on Knowledge and Data Engineering 1(1), 146–166 (1989)

    Article  Google Scholar 

  27. Li, N., Mitchell, J.C.: DATALOG with Constraints: A Foundation for Trust Management Languages. In: Dahl, V. (ed.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  28. Becker, M.Y., Nanz, S.: The role of abduction in declarative authorization policies. In: Hudak, P., Warren, D.S. (eds.) PADL 2008. LNCS, vol. 4902, pp. 84–99. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  29. Camenisch, J., Kiayias, A., Yung, M.: On the Portability of Generalized Schnorr Proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425–442. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  30. Groth, J., Sahai, A.: Efficient Non-interactive Proof Systems for Bilinear Groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  31. Kissner, L., Song, D.: Privacy-Preserving Set Operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  32. Camenisch, J.L., Damgård, I.B.: Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  33. Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and Languages for Privacy-Preserving Attribute-Based Authentication. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 34–52. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  34. Ardagna, C.A., di Vimercati, S.D.C., Foresti, S., Paraboschi, S., Samarati, P.: Minimising disclosure of client information in credential-based interactions. IJIPSI 1(2/3), 205–233 (2012)

    Article  Google Scholar 

  35. Lee, A.J., Winslett, M.: Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 228–239. ACM (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cambridge University, UK

    Nik Sultana

  2. Microsoft Research, Cambridge, UK

    Moritz Y. Becker & Markulf Kohlweiss

Authors
  1. Nik Sultana
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Moritz Y. Becker
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Markulf Kohlweiss
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Telematics, University of Freiburg, Friedrichstraße 50, 79098, Freiburg, Germany

    Rafael Accorsi

  2. Centre for Information Technology, Fondazione Bruno Kessler ( FBK), via Sommarive 18, 38123, Trento, Italy

    Silvio Ranise

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sultana, N., Becker, M.Y., Kohlweiss, M. (2013). Selective Disclosure in Datalog-Based Trust Management. In: Accorsi, R., Ranise, S. (eds) Security and Trust Management. STM 2013. Lecture Notes in Computer Science, vol 8203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41098-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41098-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41097-0

  • Online ISBN: 978-3-642-41098-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation