Risk management for distributed authorization

Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements; for example, some actors may be less trusted than others. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic based on the system RT that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization, and authorization risk thresholds to be precisely specified and enforced. We also develop an algorithm for automatic authorization in a distributed environment that is directed by risk considerations. A variety of practical applications are discussed.
