skip to main content
10.1145/2752952.2752968acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

A Logic of Trust for Reasoning about Delegation and Revocation

Published: 01 June 2015 Publication History

Abstract

In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these delegation chains when revoking rights, which give rise to different revocation schemes. Hagström et al. [8] proposed a framework for classifying revocation schemes, in which the different revocation schemes are defined graph-theoretically; they motivate the revocation schemes in this framework by presenting various scenarios in which the agents have different reasons for revocating. This paper is based on the observation that there are some problems with Hagström et al.'s definitions of the revocation schemes, which have led us to propose a refined framework with new graph-theoretic definitions of the revocation schemes. In order to formally study the merits and demerits of various definitions of revocation schemes, we propose to apply the axiomatic method originating in social choice theory to revocation schemes. For formulating an axiom, i.e. a desirable property of revocation frameworks, we propose a logic, Trust Delegation Logic TDL), with which one can formalize the different reasons an agent may have for performing a revocation. We show that our refined graph-theoretic definitions of the revocation schemes, unlike Hagström et al.'s original definitions, satisfy the desirable property that can be formulated using TDL.

References

[1]
G. Aucher, S. Barker, G. Boella, V. Genovese, and L. van der Torre. Dynamics in Delegation and Revocation Schemes: A Logical Approach. In Y. Li, editor, Data and Applications Security and Privacy XXV, volume 6818 of Lecture Notes in Computer Science, pages 90--105. Springer Berlin Heidelberg, 2011.
[2]
E. Bertino, S. Jajodia, and P. Samarati. A Non-timestamped Authorization Model for Data Management Systems. In Proceedings of the 3rd ACM Conference on Computer and Communications Security, CCS '96, pages 169--178, New York, NY, USA, 1996. ACM.
[3]
E. Bertino, P. Samarati, and S. Jajodia. An extended authorization model for relational databases. Knowledge and Data Engineering, IEEE Transactions on, 9(1):85--101, Jan 1997.
[4]
R. Demolombe. Reasonig about trust: A formal logical framework. In C. Jensen, S. Poslad, and T. Dimitrakos, editors, Trust Management, volume 2995 of Lecture Notes in Computer Science, pages 291--303. 2004.
[5]
M. Denecker. The Well-Founded Semantics Is the Principle of Inductive Definition. In J. Dix, L. del Cerro, and U. Furbach, editors, Logics in Artificial Intelligence, volume 1489 of Lecture Notes in Computer Science, pages 1--16. Springer Berlin Heidelberg, 1998.
[6]
R. Fagin. On an Authorization Mechanism. ACM Trans. Database Syst., 3(3):310--319, Sept. 1978.
[7]
P. P. Griffiths and B. W. Wade. An Authorization Mechanism for a Relational Database System. ACM Trans. Database Syst., 1(3):242--255, Sept. 1976.
[8]
Å. Hagström, S. Jajodia, F. Parisi-Presicce, and D. Wijesekera. Revocations-A Classification. In Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW '01, pages 44--, Washington, DC, USA, 2001. IEEE Computer Society.
[9]
B. Jayaraman and D. Jana. Set constructors, finite sets, and logical semantics. The Journal of Logic Programming, pages 55--77, 1999.
[10]
W. Rautenberg. A Concise Introduction to Mathematical Logic. Springer, 2006.
[11]
C. Ruan and V. Varadharajan. Resolving Conflicts in Authorization Delegations. In L. M. Batten and J. Seberry, editors, ACISP, volume 2384 of Lecture Notes in Computer Science, pages 271--285. Springer, 2002.

Cited By

View all
  • (2019)Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital EcosystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3326326(73-81)Online publication date: 28-May-2019
  • (2017)Postulates for Revocation SchemesProceedings of the 6th International Conference on Principles of Security and Trust - Volume 1020410.1007/978-3-662-54455-6_11(232-252)Online publication date: 22-Apr-2017
  • (2016)Distributed autoepistemic logic and its application to access controlProceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence10.5555/3060621.3060800(1286-1292)Online publication date: 9-Jul-2016
  • Show More Cited By

Index Terms

  1. A Logic of Trust for Reasoning about Delegation and Revocation

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies
    June 2015
    242 pages
    ISBN:9781450335560
    DOI:10.1145/2752952
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 01 June 2015

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. access control
    2. delegation
    3. logic
    4. revocation
    5. trust

    Qualifiers

    • Research-article

    Funding Sources

    • Fond National de la Recherche Luxembourg

    Conference

    SACMAT '15
    Sponsor:

    Acceptance Rates

    SACMAT '15 Paper Acceptance Rate 17 of 59 submissions, 29%;
    Overall Acceptance Rate 177 of 597 submissions, 30%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)6
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 17 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2019)Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital EcosystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3326326(73-81)Online publication date: 28-May-2019
    • (2017)Postulates for Revocation SchemesProceedings of the 6th International Conference on Principles of Security and Trust - Volume 1020410.1007/978-3-662-54455-6_11(232-252)Online publication date: 22-Apr-2017
    • (2016)Distributed autoepistemic logic and its application to access controlProceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence10.5555/3060621.3060800(1286-1292)Online publication date: 9-Jul-2016
    • (2016)Resilient Delegation Revocation with Precedence for Predecessors Is NP-Complete2016 IEEE 29th Computer Security Foundations Symposium (CSF)10.1109/CSF.2016.37(432-442)Online publication date: Jun-2016

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media