Delegation depth control in trust-management system

Trust-management systems have been a promising approach to solving access control problems in distributed systems. Delegation is a core concept in such systems and needs to be limited with respect to depth. In this paper, several delegation depth control approaches in current trust-management systems are discussed. Then $RT_0^+$ is introduced, which incorporates integer delegation depth control into $RT_0$. An $RT_0^+$ credential adds a depth value to the $RT_0$ credential, which provides more expressive power. The changed semantics is formally defined by a translation from credentials to Datalog rules. A computational complexity analysis is given, and it shows that the semantics is also algorithmically tractable.
