Authorization in trust management: Features and foundations

Trust management systems are frameworks for authorization in modern distributed systems that let resource providers protect remotely accessible resources. Providers specify policy, requesters hold credentials that confer access rights, and the system decides automatically whether a request should be granted on the basis of the policy, the presented rights, and an authorization semantics. In this paper we survey the state of the art in trust management authorization, focusing on the features of policy and rights languages that provide the expressiveness modern practice requires. We characterize systems against a generic structure that accounts for the components of practical implementations. We emphasize systems with a formal foundation, since their security properties can be rigorously established, and we review the underlying formalisms to provide the necessary background.
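The generic structure sketched above (a provider's policy, credentials held by requesters, and a semantics that decides access) can be made concrete with a small evaluator. The following is an added example, not code from the surveyed paper or any of the systems it covers; it uses the four credential forms of the RT0 language (simple member, simple containment, linking containment, intersection) and evaluates them as a Datalog-style least fixpoint. All principals, roles and credentials are constructed for illustration, and the issuer check stands in for the signature verification a deployed system would perform.

```python
"""Minimal trust-management evaluator with RT0-style credentials.

Added example (not code from the surveyed paper): provider policy and
requester credentials are both expressed as role-definition credentials,
and a fixpoint computation decides whether a requester is authorized.
Every principal and credential here is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Sequence, Tuple, Union

Role = Tuple[str, str]   # (defining principal, role name), e.g. ("EPub", "discount")

@dataclass(frozen=True)
class Member:            # A.r <- D        : D is a member of A.r
    role: Role
    principal: str

@dataclass(frozen=True)
class Contains:          # A.r <- B.r1     : every member of B.r1 is in A.r
    role: Role
    other: Role

@dataclass(frozen=True)
class Linked:            # A.r <- A.r1.r2  : for each X in A.r1, members of X.r2 are in A.r
    role: Role
    via_role: str
    then_role: str

@dataclass(frozen=True)
class Intersection:      # A.r <- B1.r1 ∩ ... ∩ Bk.rk
    role: Role
    parts: Tuple[Role, ...]

Credential = Union[Member, Contains, Linked, Intersection]

@dataclass(frozen=True)
class Signed:
    """A credential as received: body plus the principal that issued it.
    A real system establishes the issuer by verifying a signature against
    the issuer's key; here the issuer name stands in for that step."""
    issuer: str
    body: Credential

def accept(cred: Signed) -> bool:
    """Only A may define A.r. Discarding credentials about someone else's
    role is what prevents a requester from minting its own rights."""
    return cred.issuer == cred.body.role[0]

def evaluate(creds: Sequence[Signed]) -> Dict[Role, FrozenSet[str]]:
    """Least fixpoint over the accepted credentials (RT0's Datalog semantics).
    Each rule only ever adds members, so the iteration terminates."""
    valid = [c.body for c in creds if accept(c)]
    mem: Dict[Role, set] = {c.role: set() for c in valid}
    changed = True
    while changed:
        changed = False
        for c in valid:
            if isinstance(c, Member):
                new = {c.principal}
            elif isinstance(c, Contains):
                new = mem.get(c.other, set())
            elif isinstance(c, Linked):
                linkers = mem.get((c.role[0], c.via_role), set())
                new = set().union(*(mem.get((x, c.then_role), set()) for x in linkers))
            else:
                parts = [mem.get(p, set()) for p in c.parts]
                new = set(parts[0]).intersection(*parts[1:]) if parts else set()
            if not new <= mem[c.role]:
                mem[c.role] |= new
                changed = True
    return {r: frozenset(s) for r, s in mem.items()}

def authorize(creds: Sequence[Signed], resource_role: Role, requester: str) -> bool:
    """Compliance check: do policy plus presented credentials place the
    requester in the role that guards the resource?"""
    return requester in evaluate(creds).get(resource_role, frozenset())

# Constructed scenario: publisher EPub discounts registered users whom partner
# EOrg rates as preferred; EOrg trusts students of universities accredited by ABU.
CREDENTIALS: Tuple[Signed, ...] = (
    Signed("EPub", Intersection(("EPub", "discount"),
                                (("EOrg", "preferred"), ("EPub", "registered")))),
    Signed("EPub", Member(("EPub", "registered"), "Alice")),
    Signed("EPub", Member(("EPub", "registered"), "Bob")),
    Signed("EPub", Member(("EPub", "registered"), "Carol")),
    Signed("EOrg", Linked(("EOrg", "preferred"), "university", "student")),
    Signed("EOrg", Contains(("EOrg", "university"), ("ABU", "accredited"))),
    Signed("ABU", Member(("ABU", "accredited"), "StateU")),
    Signed("StateU", Member(("StateU", "student"), "Alice")),
    Signed("OtherU", Member(("OtherU", "student"), "Carol")),  # OtherU not accredited
    Signed("Bob", Member(("StateU", "student"), "Bob")),       # forged: Bob is not StateU
)

if __name__ == "__main__":
    for who in ("Alice", "Bob", "Carol"):
        print(who, authorize(CREDENTIALS, ("EPub", "discount"), who))
    # Alice True, Bob False, Carol False
```

Alice is authorized through a chain she did not issue herself (ABU accredits StateU, EOrg delegates to ABU, EPub delegates to EOrg), Carol fails because her university is outside the delegated set, and Bob's self-issued credential never enters the evaluation. The forgery check and the delegation chain are the two points where a real deployment differs most from this sketch: signatures replace the issuer-name comparison, and credentials are typically fetched on demand rather than presented as one bundle.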
