research-article

Maintaining control while delegating trust: Integrity constraints in trust management

Published: 06 November 2009

Abstract

We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we address the fact that not all participants in a trust-management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.



Published in

ACM Transactions on Information and System Security, Volume 13, Issue 1
October 2009
289 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1609956

Copyright © 2009 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 6 November 2009
• Revised: 1 February 2009
• Accepted: 1 February 2009
• Received: 1 November 2006


Qualifiers

• research-article
• Research
• Refereed
