Abstract
The family of Role-based Trust management languages is used for representing security policies by defining a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main topic of this paper is RT⊖, a language which provides a carefully controlled form of non-monotonicity. The core part of the paper defines two different semantics of RT⊖ language – a relational, set-theoretic semantics for the language, and an inference system, which is a kind of operational semantics. The set-theoretic semantics maps roles to a set of entity names. In the operational semantics credentials can be derived from an initial set of credentials using a set of inference rules. The soundness and the completeness of the inference system with respect to the set-theoretic semantics of RT⊖ will be proven.
Publisher
National Institute of Telecommunications
Reference17 articles.
1. M. R. Czenko et al., ”Nonmonotonic Trust Management for P2P Applications”, in Proc. 1st Int. Worksh. Secur. Trust Manag. STM 2005, Milan, Italy, 2005.
2. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, ”Role-based access control models”, IEEE Comp., vol. 29, pp. 38–47, 1996.
3. M. Blaze, J. Feigenbaum, and M. Strauss, ”Compliance checking in the PolicyMaker trust management system”, in Proc. 2nd Int. Conf. Financial Cryptogr., London, UK, 1998, pp. 254–274.
4. M. Blaze, J. Feigenbaum, and A. D. Keromytis, ”The role of trust management in distributed systems security” in Secure Internet Programming, J. Vitek, C. Damsgaard Jensen, Eds. London: Springer, 1999, pp. 185–210.
5. D. Clarke et al., ”Certificate chain discovery in SPKI/SDSI”, J. Comp. Secur., vol. 9, pp. 285–322, 2001.