Synchronisation in Trust Management Using Push Authorisation

Traditional trust management authorisation decisions for distributed technologies, are, in general, based on the history of the authorisations/computation to date. We consider this a pull authorisation strategy: the authorisation decision reflects the current and/or past authorisations. In this paper, we examine this pull strategy and propose an alternative form of authorisation in a distributed environment. Instead of 'pulling' the information required for the current authorisation decisions from the past, authorisation decisions are made to specify what will happen in the future. This strategy is called push authorisation. When a push decision is made, its result is pushed to just the relevant protection mechanisms. This approach allows the creation of distributed separation of duties policies, without requiring additional synchronisation between components in the execution. It allows present actions to inform future authorisation decisions, before those decisions must be made.

[1]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[2]  Vijayalakshmi Atluri,et al.  A Chinese wall security model for decentralized workflow systems , 2001, CCS '01.

[3]  Simon N. Foley,et al.  Secure Component Distribution Using WebCom , 2002, SEC.

[4]  C. Weissman Security controls in the ADEPT-50 time-sharing system , 1899, AFIPS '69 (Fall).

[5]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[6]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[7]  Michael J. Nash,et al.  The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[8]  Jim Alves-Foss,et al.  A Trace-Based Model of the Chinese Wall Security Policy , 1999 .

[9]  Michael J. Nash,et al.  Some conundrums concerning separation of duty , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  John P. Morrison,et al.  WebCom-G: Grid Enabled Metacomputing , 2004, Neural Parallel Sci. Comput..

[11]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[12]  S. Radia Naming policies in the Spring system , 1994, Proceedings of IEEE Workshop on Services for Distributed and Networked Environments.

[13]  John P. Morrison,et al.  Condensed graphs : unifying availability-driven, coercion-driven and control-driven computing , 1996 .

[14]  Simon N. Foley,et al.  Security in WebCom: addressing naming issues for a web services architecture , 2004, SWS '04.

[15]  D. B. Davis,et al.  Sun Microsystems Inc. , 1993 .