Relational-based calculus for trust management in networked services

This paper considers the use of local policy enforcement in communication networks. Compliance with the security policy is important, especially if the system is based on the concept of Public Key Certificate. Our approach discusses the design of a trust management scheme that integrates a model for the specification of entities and actions, a mechanism for identifying users, authorizations, and delegations, and a compliance engine. The model is based on the use of an axiomatic representation of security requirements. The compliance engine integrates a relational calculus that allows proof and verification. Three cases are addressed to validate the model: the anonymous payment system, clinical information system, and distributed firewall systems.

[1]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[2]  Jasper Becker,et al.  Joint Research Centre , 1982, Nature.

[3]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[4]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[5]  Antonis C. Kakas,et al.  A Simple Declarative Language for Describing Narratives With Actions , 1997, J. Log. Program..

[6]  Ian Oppermann,et al.  Guest editorial spread spectrum for global communications II , 2000, IEEE J. Sel. Areas Commun..

[7]  Benjamin N. Grosof,et al.  A practically implementable and tractable delegation logic , 2000, S&P 2000.

[8]  Carlton R. Davis Ipsec: Securing Vpns , 2001 .

[9]  Hugo Krawczyk,et al.  Design, implementation, and deployment of the iKP secure electronic payment system , 2000, IEEE Journal on Selected Areas in Communications.

[10]  Angelos D. Keromytis,et al.  Implementing a distributed firewall , 2000, CCS.

[11]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[12]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[13]  Tom Austin PKI : A Wiley Tech Brief , 2000 .

[14]  Joseph Y. Halpern,et al.  A logical reconstruction of SPKI , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[15]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[16]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[17]  Ross J. Anderson,et al.  Clinical system security: interim guidelines , 1996, BMJ.

[18]  Jean H. Gallier,et al.  Logic for Computer Science: Foundations of Automatic Theorem Proving , 1985 .

[19]  Carl M. Ellison,et al.  SPKI Requirements , 1999, RFC.

[20]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.