Language based policy analysis in a SPKI Trust Management System.

SPKI/SDSI can be used to implement a Trust Management System, where the policy for resource access is distributively specified by multiple trusted entities. ... Agents in the system need a formal mechanism for understanding the current state of policy. ... While we give a logic to formulate policy analysis problems in the context of SPKI/SDSI we feel that full fledged languages for policy analysis in other distributed access control systems and trust management ...

doi:10.3233/jcs-2006-14402 fatcat:dkkkxnmnszfljo4r5ii6gdajke

In this paper we survey modern stateof-the-art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. ... Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. ... In a survey of trust negotiation systems a list of requirements on trust negotiation policy languages is given in . ...

doi:10.1145/1380584.1380587 fatcat:4ablaejrwvccrpcarkf4cfrbiq

In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors. ... The challenge is to see how in such a scenario trust can indeed be generated. ... Capability-based trust management systems Recently, capability-based access control approaches traditionally used in operating systems have been adapted for applications in distributed environments. ...

doi:10.1007/bf02706242 fatcat:lrtpl3qbfzgkxlmfiii7eju75i

Accordingly, we design and implement the event manager based on Jini and suggest three methods in which only right event consumer can listen to the event using Access-Control Lists and SPKI/SDSI certificates ... In the proposed method, our event manager controls the access of events by putting trust checking engine on Jini. ... Event Management System Based on JavaSpace Jini [5] is a middleware in composing the home networking. The purpose of Jini is to accomplish "Network plug and Work". ...

doi:10.1007/11596042_51 fatcat:otqqnn52wbhkdaaapgcost2aye

We compare SPKI/SDSI with RT C 1 , which is a language in the RT Role-based Trust-management framework that can be viewed as an extension of SDSI. ... SPKI/SDSI is a language for expressing distributed access control policy, derived from SPKI and SDSI. ... A Proofs Proposition 2 Given a set P of policy statements, if Th[P] |= m(K, A, K 1 ), then RS(P) K A ...

doi:10.1007/s10207-005-0073-0 fatcat:nk4zylxd4jcujnctmkvvdd3ynq

This work defines a security scheme, based on SPKI/SDSI chains of trust, for protecting mobile agent platforms in large-scale distributed systems. ... Due to the flexibility of the SPKI/SDSI certificate delegation infrastructures used, the proposed scheme provides a decentralized control for authorization and authentication. 1 http://lia.deis.unibo.it ... Acknowledgments The authors thank the "IFM (Instituto Fábrica do Milênio)" and "Chains of Trust" project (CNPq 552175/01-3) members for their contributions. ...

doi:10.1007/978-3-540-24625-1_12 fatcat:ht3ecvo3wnbghmmkxevwftilqm

In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. ... Techniques for policy analysis in the context of resource selection and authorization are also presented. ... We have demonstrated that the ClassAd language can be used to specify SPKI/SDSI authorization policies, and an enhanced gangmatching algorithm can be used to assemble SPKI/SDSI certificate chains correctly ...

doi:10.1007/978-3-642-27694-1_15 fatcat:khy3swjd4fgvhe2nzqfgg6jrhq

If the processing plan presented in were universally adopted, then SPKI would be a trust-management engine. ... Other Trust-Based Systems The REFEREE system of Chu et al. [1997] is like PolicyMaker in that it supports full programmability of assertions (policies and credentials). ...

doi:10.1201/9780203507223.ch47 fatcat:qwgaumynmvfwnk4zl2xapmz6r4

This way, trust management languages are a tool for describing credentials and specifying access control policies in a flexible and modifiable way. ... This paper discusses the expressive power of trust management languages, describes a new extension to Role-based Trust Managements language RT T , and evaluates the complexity of algorithm that is used ... a single role expression, do not exist in RT T or any other Role based Trust management language. ...

doi:10.1007/978-3-642-25106-1_12 fatcat:vnoxzrujgva3bl6dkataoo4x3q

Trust-management engines avoid the need to resolve "identities" in an authorization decision. Instead, they express privileges and restrictions in a programming language. ... We also report on our experience using trust-management engines in several distributed-system applications. -Authentication: In an operating system, the identity of a principal is well known. ... Architectures based on a trust-management system can be easily extended if, in the future, it becomes necessary to base access decisions on more complex rules than are captured by an ACL. ...

doi:10.1007/3-540-48749-2_8 fatcat:qwkjf2xv2nhz7oiemnzyx26z7y

We present SAFE, an integrated system for managing trust using a logic-based declarative language. ... Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked ... Over time, the formal foundations of trust management systems have converged on logic-based declarative languages-trust logic. ...

arXiv:1510.04629v2 fatcat:5465cxr7jraspjaod63zos6bkm

Multiple Versions

We adopt the trust-management approach, in which "authorization" is viewed as a "proof-of-compliance" problem: Does a set of credentials prove that a request complies with a policy? ... We develop a logic-based language, called Delegation Logic (DL), to represent policies, credentials, and requests in distributed authorization. ... Acknowledgement The first author is currently supported by DARPA through SPAWAR contracts N66001-00-C-8015 and by DoD MURI "Semantics Consistency in Information Exchange" as ONR Grant N00014-97-1-0505. ...

doi:10.1145/605434.605438 fatcat:uunkgsqmmndwbnpltp3x5p2ofu

We address these issues in our design of a distributed access control mechanism for a people location system. ... To show feasibility of our design, we built an example implementation based on SPKI/SDSI certificates. Using measurements, we quantify the influence of access control on query processing time. ... SPKI/SDSI is a trust management system that supports decentralized specification and evaluation of security policies. ...

doi:10.1145/1108906.1108910 fatcat:kngzcf4zdrgxxar5ybkub6gg24

These ideas are implemented in the HIPer-Net framework enabling the creation and the management of customized confined execution environments in a large scale context. ... Based on the example of biomedical applications, the paper focuses on the security model of the HIPerNet system and develops the key aspects of our distributed security approach. ... The system assumes that resource nodes trust the VO manager through a preinstallation of manager's root CA certificate in all nodes. ...

doi:10.1109/ccgrid.2009.76 dblp:conf/ccgrid/PrimetGMKRGMH09 fatcat:ofjsa7bezbhqli6hevhlc3zmcq

in SPKI/SDSI, a well-known trust management framework designed to facilitate the development of secure and scalable distributed computing systems. ... This paper describes a systematic method for deriving efficient algorithms and precise time complexities from extended Datalog rules as it is applied to the analysis of trust management policies specified ... At the same time, logic-based languages and frameworks have been used increasingly for expressing security and trust management policies, e.g., [16, 19] . ...

doi:10.1145/1273920.1273950 dblp:conf/ppdp/HristovaTL07 fatcat:kpswe4qomratfibxt3kxfi6f7e

Language based policy analysis in a SPKI Trust Management System

Preserved Fulltext

Authorization in trust management

Preserved Fulltext

Trust management for e-transactions

Preserved Fulltext

The Design and Implementation of Secure Event Manager Using SPKI/SDSI Certificate [chapter]

Preserved Fulltext

Understanding SPKI/SDSI using first-order logic

Preserved Fulltext

Security Mechanisms for Mobile Agent Platforms Based on SPKI/SDSI Chains of Trust [chapter]

Preserved Fulltext

Distributed Policy Specification and Interpretation with Classified Advertisements [chapter]

Preserved Fulltext

Distributed Trust [chapter]

Preserved Fulltext

Trust Management Languages and Complexity [chapter]

Preserved Fulltext

The Role of Trust Management in Distributed Systems Security [chapter]

Preserved Fulltext

SAFE: A Declarative Trust Management System with Linked Credentials [article]

Preserved Fulltext

Other Versions

Delegation logic

Preserved Fulltext

Access control to people location information

Preserved Fulltext

A Scalable Security Model for Enabling Dynamic Virtual Private Execution Infrastructures on the Internet

Preserved Fulltext

Efficient trust management policy analysis from rules

Preserved Fulltext