Abstract
Automated trust negotiation (ATN) is an approach to regulating the gradual exchange of sensitive resources, which are protected by access control policies, between two strangers to establish mutual trust in open distributed systems. Policy compliance checkers of ATN determine which credentials satisfy an access control policy and whether a particular set of credentials satisfies the relevant policy. We propose a description logic-based approach to policy compliance checking, in which the description logic (DL) \(\mathcal {SHOIN(D)}\) is exploited to formalize credentials and policies of ATN, and the state-of-the-art DL reasoners are leveraged for policy compliance checking. By exploring the semantics of credentials and policies defined by DL, our approach can promote the success of a negotiation whenever it is semantically possible. As long as a policy can be satisfied, our approach can find the credentials satisfying the policy. These credentials can be either syntactically defined in the policy or semantically imply those defined. In addition, benefiting from DL reasoning, attribute delegations that are modeled as semantic relations among attributes can be retrieved by our approach as the evidence of a negotiator’s satisfaction of an access control policy. This evidence is quite necessary in the ATN environment where negotiators are usually strangers belonging to different domains without a common knowledge of delegations.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Baader F, Calvanese D, McGuinness DL, Nardi D, Patel-Schneider PF (eds) (2003) The Description Logic Handbook: Theory, Implementation, and Applications. Cambridge University Press, Cambridge
Becker MY, Sewell P (2004) Cassandra: Distributed access control policies with tunable expressiveness. In: POLICY, pp 159–168. IEEE Computer Society
Bertino E, Ferrari E, Squicciarini A C (2003) X-tnl: An xml-based language for trust negotiations. In: POLICY, pp 81–84. IEEE Computer Society
Hu J, Khan KM, Bai Y, Zhang Y (2012) Compliance checking for usage-constrained credentials in trust negotiation systems. In: Information Security Conference 2012
Lee AJ, Winslett M (2008) Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In: Proceedings of the 2008 ACM symposium on information, computer and communications security, ASIACCS 2008, Tokyo, Japan, March 18-20, vol 2008, pp 228–239
Li N, Mitchell JC (2003) Rt: A role-based trust-management framework. In: 3rd DARPA information survivability conference and exposition (DISCEX-III 2003), 22-24 April 2003, Washington, DC, USA, p 201–
Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE symposium on security and privacy, SP ’02, p 114–, Washington, DC. IEEE Computer Society, USA
Li N, Mitchell JC, Winsborough WH (2005) Beyond proof-of-compliance: security analysis in trust management. Journal of the ACM 52(3):474–514
Nejdl W, Olmedilla D, Winslett M (2004) Peertrust: Automated trust negotiation for peers on the semantic web. In: Secure Data Management, volume 3178 of Lecture Notes in Computer Science, pages 118–132. Springer
Seamons KE, Winslett M, Yu T (2001) Limiting the disclosure of access control policies during automated trust negotiation. In: Proceedings of the network and distributed system security symposium, NDSS 2001, San Diego, California, USA
Sirin E, Parsia B, Grau BC, Kalyanpur A, Katz Y (2007) Pellet: A practical owl-dl reasoner. J Web Semant 5(2):51–53
Skogsrud H, Nezhad HRM, Benatallah B, Casati F (2009) Modeling trust negotiation for web services. IEEE Computer 42(2):54–61
Smith B, Seamons KE, Jones MD (2004) Responding to policies at runtime in trustbuilder. In: Proceedings of the international workshop on 5th IEEE policies for distributed systems and networks, POLICY 2004, pp 149–158. IEEE
Squicciarini AC, Bertino E, Trombetta A, Braghin S (2012) A flexible approach to multisession trust negotiations. IEEE Trans Dependable Sec Comput 9(1):16–29
Winsborough W, Seamons K, Jones V (2000) Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition. Vol. I. IEEE Press, Piscataway, New Jersey, 2000, pp 88–102
Winsborough WH, Li N (2002) Protecting sensitive attributes in automated trust negotiation. In: Proceedings of the 2002 ACM workshop on privacy in the electronic society, WPES 2002, Washington, DC, USA, November 21, 2002, pp 41–51
Winsborough WH, Li N (2006) Safety in automated trust negotiation. ACM Transactions on Information and System Security 9(3):352–390
Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L (2002) Negotiating trust in the web. Internet Computing IEEE 6(6):30–37
Yu T, Winslett M, Seamons KE (2001) Interoperable strategies in automated trust negotiation. In: Proceedings of the 8th ACM conference on computer and communications security, Philadelphia, Pennsylvania, USA, November 6–8, 2001, pp 146–155
Acknowledgments
This work was partially supported by the National Natural Science Foundation of China (Grant No. U1135004, 61170080), Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2011), Guangdong Provincial Natural Science Foundation (No. 2014A030308006), and 973 Program (Grant No. 2014CB360501).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Liu, X., Tang, S. & Chen, S. A description logic-based policy compliance checker for trust negotiation. Peer-to-Peer Netw. Appl. 9, 372–383 (2016). https://doi.org/10.1007/s12083-015-0343-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-015-0343-1