Towards a credential-based implementation of compound access control policies

We describe a layered approach to access control for distributed and interoperable computing systems. First, compound access control policies are specified conceptually, using the policy algebra proposed by Bonatti, De Capitani di Vimercati and Samarati. Second, SPKI/SDSI is exploited to implement and enforce a policy specification by means of credentials. To this end, SPKI/SDSI is slightly extended, in particular to allow algebra expressions over local names as subjects in authorisation certificates and to handle the subtraction operator of the algebra. Besides presenting the overall approach, the paper elaborates the details for a still powerful fragment of the policy algebra and examines the correctness of the credential-based implementation.
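The following toy model is an added illustration of the two layers the abstract describes; it is not the paper's construction and not code from the authors. It assumes a drastically simplified SPKI/SDSI: principals are keys represented as placeholder strings, name certificates bind a local name (key, identifier) either to a key or to another local name, and an authorisation certificate carries a tag string and a subject that may be a policy-algebra expression over local names (union `+`, intersection `&`, subtraction `-`). The sample certificates are constructed for the example.

```python
"""Toy model: policy-algebra expressions over SPKI/SDSI-style local names.
Illustration only (simplified, hypothetical data model), not the paper's code."""
from dataclasses import dataclass


# --- SPKI/SDSI-style names and name certificates ---------------------------
@dataclass(frozen=True)
class LocalName:
    key: str    # key of the principal that defines the name (placeholder string)
    ident: str  # the identifier, e.g. "staff"


@dataclass(frozen=True)
class NameCert:
    name: LocalName
    subject: object  # a key (str) or another LocalName (a linked name)


def resolve(name, name_certs, _seen=frozenset()):
    """Return the set of keys a local name denotes, following linked names.
    _seen breaks cycles in name definitions (A -> B -> A)."""
    if name in _seen:
        return set()
    keys = set()
    for cert in name_certs:
        if cert.name != name:
            continue
        if isinstance(cert.subject, LocalName):
            keys |= resolve(cert.subject, name_certs, _seen | {name})
        else:
            keys.add(cert.subject)
    return keys


# --- policy algebra over subject expressions -------------------------------
# An expression is a LocalName or a tuple (op, left, right) with op in + & -.
def evaluate(expr, name_certs):
    """Evaluate a subject expression to the set of keys it denotes."""
    if isinstance(expr, LocalName):
        return resolve(expr, name_certs)
    op, left, right = expr
    lhs, rhs = evaluate(left, name_certs), evaluate(right, name_certs)
    if op == "+":
        return lhs | rhs
    if op == "&":
        return lhs & rhs
    if op == "-":
        return lhs - rhs
    raise ValueError(f"unknown operator {op!r}")


# --- authorisation certificates with expression subjects -------------------
@dataclass(frozen=True)
class AuthCert:
    issuer: str
    subject_expr: object  # LocalName or algebra expression
    tag: str              # the authorisation granted, e.g. "read:report"


def authorised(requester, tag, owner, auth_certs, name_certs):
    """True iff the owner issued a certificate with a matching tag whose
    subject expression, after name resolution, contains the requester."""
    return any(
        c.issuer == owner and c.tag == tag
        and requester in evaluate(c.subject_expr, name_certs)
        for c in auth_certs
    )


# --- constructed sample data -----------------------------------------------
STAFF = LocalName("K_hr", "staff")
ENGINEERING = LocalName("K_hr", "engineering")
CONTRACTORS = LocalName("K_hr", "contractors")

NAME_CERTS = [
    NameCert(STAFF, "K_alice"),
    NameCert(STAFF, ENGINEERING),          # linked name: all engineers are staff
    NameCert(ENGINEERING, "K_bob"),
    NameCert(ENGINEERING, "K_carol"),
    NameCert(CONTRACTORS, "K_carol"),      # Carol is also a contractor
]

# "staff minus contractors" may read the report; subtraction makes the
# result depend on the *absence* of a binding, so all contractor name
# certificates must be available before deciding.
STAFF_NOT_CONTRACTORS = ("-", STAFF, CONTRACTORS)
AUTH_CERTS = [AuthCert("K_owner", STAFF_NOT_CONTRACTORS, "read:report")]

if __name__ == "__main__":
    for k in ("K_alice", "K_bob", "K_carol", "K_dave"):
        print(k, authorised(k, "read:report", "K_owner", AUTH_CERTS, NAME_CERTS))
```

The subtraction case is where the simple credential picture breaks: with union and intersection, a missing name certificate can only withhold access, but with `-` a missing certificate for the subtracted name silently enlarges the granted set (here, losing the `CONTRACTORS -> K_carol` binding would admit Carol). An enforcement point that implements subtraction therefore needs a complete view of the bindings for the subtracted name, which is exactly why the abstract singles out that operator as needing special treatment.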
