A description logic-based policy compliance checker for trust negotiation

Automated trust negotiation (ATN) is an approach to regulating the gradual exchange of sensitive resources, which are protected by access control policies, between two strangers to establish mutual trust in open distributed systems. Policy compliance checkers of ATN determine which credentials satisfy an access control policy and whether a particular set of credentials satisfies the relevant policy. We propose a description logic-based approach to policy compliance checking, in which the description logic (DL) SℋOIN(D)$\mathcal {SHOIN(D)}$ is exploited to formalize credentials and policies of ATN, and the state-of-the-art DL reasoners are leveraged for policy compliance checking. By exploring the semantics of credentials and policies defined by DL, our approach can promote the success of a negotiation whenever it is semantically possible. As long as a policy can be satisfied, our approach can find the credentials satisfying the policy. These credentials can be either syntactically defined in the policy or semantically imply those defined. In addition, benefiting from DL reasoning, attribute delegations that are modeled as semantic relations among attributes can be retrieved by our approach as the evidence of a negotiator’s satisfaction of an access control policy. This evidence is quite necessary in the ATN environment where negotiators are usually strangers belonging to different domains without a common knowledge of delegations.

[1]  Ninghui Li,et al.  Safety in automated trust negotiation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[2]  Marianne Winslett,et al.  Negotiating Trust on the Web , 2002, IEEE Internet Comput..

[3]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[4]  Diego Calvanese,et al.  The Description Logic Handbook: Theory, Implementation, and Applications , 2003, Description Logic Handbook.

[5]  Marianne Winslett,et al.  Towards an efficient and language-agnostic compliance checker for trust negotiation systems , 2008, ASIACCS '08.

[6]  Elisa Bertino,et al.  /spl Xscr/-TNL: an XML-based language for trust negotiations , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[7]  Ninghui Li,et al.  Beyond proof-of-compliance: security analysis in trust management , 2005, JACM.

[8]  Marianne Winslett,et al.  PeerTrust: Automated Trust Negotiation for Peers on the Semantic Web , 2004, Secure Data Management.

[9]  Ninghui Li,et al.  Protecting sensitive attributes in automated trust negotiation , 2002, WPES '02.

[10]  Michael D. Jones,et al.  Responding to policies at runtime in TrustBuilder , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..

[11]  Peter Sewell,et al.  Cassandra: distributed access control policies with tunable expressiveness , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..

[12]  Khaled M. Khan,et al.  Compliance Checking for Usage-Constrained Credentials in Trust Negotiation Systems , 2012, ISC.

[13]  Elisa Bertino,et al.  A Flexible Approach to Multisession Trust Negotiations , 2012, IEEE Transactions on Dependable and Secure Computing.

[14]  Fabio Casati,et al.  Modeling Trust Negotiation for Web Services , 2009, Computer.

[15]  Marianne Winslett,et al.  Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation , 2001, NDSS.

[16]  K.E. Seamons,et al.  Automated trust negotiation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[17]  Ninghui Li,et al.  RT: a Role-based Trust-management framework , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[18]  Marianne Winslett,et al.  Interoperable strategies in automated trust negotiation , 2001, CCS '01.

[19]  Yarden Katz,et al.  Pellet: A practical OWL-DL reasoner , 2007, J. Web Semant..