To ensure that a trust negotiation succeeds whenever possible, authorization policy compliance checkers must be able to find all minimal sets of their owners' credentials that can be used to satisfy a given policy. If all of these sets can be found efficiently prior to choosing which set should be disclosed, many strategic benefits can also be realized. Unfortunately, solving this problem using existing compliance checkers is too inefficient to be useful in practice. Specifically, the overheads of finding all satisfying sets using existing approaches have been shown to rapidly grow exponentially in the size of the union of all satisfying sets of credentials for the policy, even after optimizations have been made to prune the search space for potential satisfying sets. In this paper, we describe the Clouseau compliance checker. Clouseau leverages efficient pattern-matching algorithms to find all satisfying sets of credentials for a given policy in time that grows as O(NA), where N is the number of satisfying sets for the policy and A is the average size of each satisfying set. We describe the design and implementation of the Clouseau compliance checker, evaluate its performance, and show that it vastly outperforms existing approaches to finding all satisfying sets of credentials. We then present a method for automatically compiling RT policies into a format suitable for analysis by Clouseau and prove its correctness and completeness.
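The problem the abstract states, finding every minimal set of held credentials that satisfies a policy, can be seen on a small case. The following is an added example, not code from the paper and not Clouseau's pattern-matching algorithm: it assumes a simplified policy form (an AND/OR tree over constructed credential names, with no RT delegation) and compares a bottom-up construction against the subset-enumeration baseline whose cost grows with the number of credentials involved.

```python
from itertools import combinations

# Constructed policy: AND/OR tree over credential names (assumed, simplified
# form; real RT policies also involve delegation and role membership).
POLICY = ("or",
          ("and", "employee_id", "project_badge"),
          ("and", "student_id", ("or", "advisor_letter", "project_badge")),
          "admin_cert")

# Constructed credential wallet; "parking_permit" is irrelevant to the policy.
HELD = {"employee_id", "project_badge", "student_id",
        "advisor_letter", "parking_permit"}

def minimize(sets):
    """Drop every set that has a proper subset in the collection."""
    sets = set(sets)
    return {s for s in sets if not any(t < s for t in sets)}

def satisfying_sets(policy, held):
    """Bottom-up: all minimal subsets of `held` that satisfy `policy`."""
    if isinstance(policy, str):                    # leaf: a single credential
        return {frozenset([policy])} if policy in held else set()
    op, *children = policy
    parts = [satisfying_sets(c, held) for c in children]
    if op == "or":                                 # any alternative suffices
        return minimize(set().union(*parts))
    result = {frozenset()}                         # "and": combine one set per child
    for p in parts:
        result = {a | b for a in result for b in p}
    return minimize(result)

def evaluate(policy, creds):
    """True if the credential collection `creds` satisfies `policy`."""
    if isinstance(policy, str):
        return policy in creds
    op, *children = policy
    results = (evaluate(c, creds) for c in children)
    return any(results) if op == "or" else all(results)

def brute_force(policy, held):
    """Baseline: test all 2^|held| subsets, then keep the minimal ones."""
    held = sorted(held)
    hits = [frozenset(c) for r in range(len(held) + 1)
            for c in combinations(held, r) if evaluate(policy, c)]
    return minimize(hits)
```

Both functions return the same three minimal sets for `HELD`, but `brute_force` evaluates the policy 32 times to find them, and that count doubles with every additional held credential.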