245 Hits in 3.1 sec

Language based policy analysis in a SPKI Trust Management System

Arun K. Eamani, A. Prasad Sistla
2006 Journal of Computer Security  
SPKI/SDSI can be used to implement a Trust Management System, where the policy for resource access is distributively specified by multiple trusted entities.  ...  Agents in the system need a formal mechanism for understanding the current state of policy.  ...  While we give a logic to formulate policy analysis problems in the context of SPKI/SDSI we feel that full fledged languages for policy analysis in other distributed access control systems and trust management  ... 
doi:10.3233/jcs-2006-14402 fatcat:dkkkxnmnszfljo4r5ii6gdajke

Authorization in trust management

Peter C. Chapin, Christian Skalka, X. Sean Wang
2008 ACM Computing Surveys  
In this paper we survey modern stateof-the-art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice.  ...  Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers.  ...  In a survey of trust negotiation systems a list of requirements on trust negotiation policy languages is given in .  ... 
doi:10.1145/1380584.1380587 fatcat:4ablaejrwvccrpcarkf4cfrbiq

Trust management for e-transactions

Vishwas Patil, R. K. Shyamasundar
2005 Sadhana (Bangalore)  
In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors.  ...  The challenge is to see how in such a scenario trust can indeed be generated.  ...  Capability-based trust management systems Recently, capability-based access control approaches traditionally used in operating systems have been adapted for applications in distributed environments.  ... 
doi:10.1007/bf02706242 fatcat:lrtpl3qbfzgkxlmfiii7eju75i

The Design and Implementation of Secure Event Manager Using SPKI/SDSI Certificate [chapter]

YoungLok Lee, HyungHyo Lee, Seungyong Lee, HeeMan Park, BongNam Noh
2005 Lecture Notes in Computer Science  
Accordingly, we design and implement the event manager based on Jini and suggest three methods in which only right event consumer can listen to the event using Access-Control Lists and SPKI/SDSI certificates  ...  In the proposed method, our event manager controls the access of events by putting trust checking engine on Jini.  ...  Event Management System Based on JavaSpace Jini [5] is a middleware in composing the home networking. The purpose of Jini is to accomplish "Network plug and Work".  ... 
doi:10.1007/11596042_51 fatcat:otqqnn52wbhkdaaapgcost2aye

Understanding SPKI/SDSI using first-order logic

Ninghui Li, John C. Mitchell
2005 International Journal of Information Security  
We compare SPKI/SDSI with RT C 1 , which is a language in the RT Role-based Trust-management framework that can be viewed as an extension of SDSI.  ...  SPKI/SDSI is a language for expressing distributed access control policy, derived from SPKI and SDSI.  ...  A Proofs Proposition 2 Given a set P of policy statements, if Th[P] |= m(K, A, K 1 ), then RS(P) K A  ... 
doi:10.1007/s10207-005-0073-0 fatcat:nk4zylxd4jcujnctmkvvdd3ynq

Security Mechanisms for Mobile Agent Platforms Based on SPKI/SDSI Chains of Trust [chapter]

Michelle S. Wangham, Joni da Silva Fraga, Rafael R. Obelheiro, Galeno A. Jung, Elizabeth Fernandes
2004 Lecture Notes in Computer Science  
This work defines a security scheme, based on SPKI/SDSI chains of trust, for protecting mobile agent platforms in large-scale distributed systems.  ...  Due to the flexibility of the SPKI/SDSI certificate delegation infrastructures used, the proposed scheme provides a decentralized control for authorization and authentication. 1  ...  Acknowledgments The authors thank the "IFM (Instituto Fábrica do Milênio)" and "Chains of Trust" project (CNPq 552175/01-3) members for their contributions.  ... 
doi:10.1007/978-3-540-24625-1_12 fatcat:ht3ecvo3wnbghmmkxevwftilqm

Distributed Policy Specification and Interpretation with Classified Advertisements [chapter]

Nicholas Coleman
2012 Lecture Notes in Computer Science  
In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa.  ...  Techniques for policy analysis in the context of resource selection and authorization are also presented.  ...  We have demonstrated that the ClassAd language can be used to specify SPKI/SDSI authorization policies, and an enhanced gangmatching algorithm can be used to assemble SPKI/SDSI certificate chains correctly  ... 
doi:10.1007/978-3-642-27694-1_15 fatcat:khy3swjd4fgvhe2nzqfgg6jrhq

Distributed Trust [chapter]

John Ioannidis, Angelos Keromytis
2004 The Practical Handbook of Internet Computing  
If the processing plan presented in were universally adopted, then SPKI would be a trust-management engine.  ...  Other Trust-Based Systems The REFEREE system of Chu et al. [1997] is like PolicyMaker in that it supports full programmability of assertions (policies and credentials).  ... 
doi:10.1201/9780203507223.ch47 fatcat:qwgaumynmvfwnk4zl2xapmz6r4

Trust Management Languages and Complexity [chapter]

Krzysztof Sacha
2011 Lecture Notes in Computer Science  
This way, trust management languages are a tool for describing credentials and specifying access control policies in a flexible and modifiable way.  ...  This paper discusses the expressive power of trust management languages, describes a new extension to Role-based Trust Managements language RT T , and evaluates the complexity of algorithm that is used  ...  a single role expression, do not exist in RT T or any other Role based Trust management language.  ... 
doi:10.1007/978-3-642-25106-1_12 fatcat:vnoxzrujgva3bl6dkataoo4x3q

The Role of Trust Management in Distributed Systems Security [chapter]

Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis
1999 Lecture Notes in Computer Science  
Trust-management engines avoid the need to resolve "identities" in an authorization decision. Instead, they express privileges and restrictions in a programming language.  ...  We also report on our experience using trust-management engines in several distributed-system applications. -Authentication: In an operating system, the identity of a principal is well known.  ...  Architectures based on a trust-management system can be easily extended if, in the future, it becomes necessary to base access decisions on more complex rules than are captured by an ACL.  ... 
doi:10.1007/3-540-48749-2_8 fatcat:qwkjf2xv2nhz7oiemnzyx26z7y

SAFE: A Declarative Trust Management System with Linked Credentials [article]

Vamsi Thummala, Jeff Chase
2015 arXiv   pre-print
We present SAFE, an integrated system for managing trust using a logic-based declarative language.  ...  Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked  ...  Over time, the formal foundations of trust management systems have converged on logic-based declarative languages-trust logic.  ... 
arXiv:1510.04629v2 fatcat:5465cxr7jraspjaod63zos6bkm

Delegation logic

Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum
2003 ACM Transactions on Privacy and Security  
We adopt the trust-management approach, in which "authorization" is viewed as a "proof-of-compliance" problem: Does a set of credentials prove that a request complies with a policy?  ...  We develop a logic-based language, called Delegation Logic (DL), to represent policies, credentials, and requests in distributed authorization.  ...  Acknowledgement The first author is currently supported by DARPA through SPAWAR contracts N66001-00-C-8015 and by DoD MURI "Semantics Consistency in Information Exchange" as ONR Grant N00014-97-1-0505.  ... 
doi:10.1145/605434.605438 fatcat:uunkgsqmmndwbnpltp3x5p2ofu

Access control to people location information

Urs Hengartner, Peter Steenkiste
2005 ACM Transactions on Privacy and Security  
We address these issues in our design of a distributed access control mechanism for a people location system.  ...  To show feasibility of our design, we built an example implementation based on SPKI/SDSI certificates. Using measurements, we quantify the influence of access control on query processing time.  ...  SPKI/SDSI is a trust management system that supports decentralized specification and evaluation of security policies.  ... 
doi:10.1145/1108906.1108910 fatcat:kngzcf4zdrgxxar5ybkub6gg24

A Scalable Security Model for Enabling Dynamic Virtual Private Execution Infrastructures on the Internet

Pascale Vicat-Blanc Primet, Jean-Patrick Gelas, Olivier Mornard, Guilherme Koslovski, Vincent Roca, Lionel Giraud, Johan Montagnat, Tram Truong Huu
2009 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid  
These ideas are implemented in the HIPer-Net framework enabling the creation and the management of customized confined execution environments in a large scale context.  ...  Based on the example of biomedical applications, the paper focuses on the security model of the HIPerNet system and develops the key aspects of our distributed security approach.  ...  The system assumes that resource nodes trust the VO manager through a preinstallation of manager's root CA certificate in all nodes.  ... 
doi:10.1109/ccgrid.2009.76 dblp:conf/ccgrid/PrimetGMKRGMH09 fatcat:ofjsa7bezbhqli6hevhlc3zmcq

Efficient trust management policy analysis from rules

Katia Hristova, K. Tuncay Tekle, Yanhong A. Liu
2007 Proceedings of the 9th ACM SIGPLAN international conference on Principles and practice of declarative programming - PPDP '07  
in SPKI/SDSI, a well-known trust management framework designed to facilitate the development of secure and scalable distributed computing systems.  ...  This paper describes a systematic method for deriving efficient algorithms and precise time complexities from extended Datalog rules as it is applied to the analysis of trust management policies specified  ...  At the same time, logic-based languages and frameworks have been used increasingly for expressing security and trust management policies, e.g., [16, 19] .  ... 
doi:10.1145/1273920.1273950 dblp:conf/ppdp/HristovaTL07 fatcat:kpswe4qomratfibxt3kxfi6f7e
« Previous Showing results 1 — 15 out of 245 results