ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication metric analysis and design
ACM Transactions on Information and System Security (TISSEC)
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A lattice model of secure information flow
Communications of the ACM
Policy-directed certificate retrieval
Software—Practice & Experience
ConChord: Cooperative SDSI Certificate Storage and Name Resolution
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Distributed credential chain discovery in trust management
Journal of Computer Security
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
Access control for the web via proof-carrying authorization
Delegation Depth Control in Trust-Management System
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
Risk assessment in distributed authorization
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Trust but verify: authorization for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
A survey of trust in internet applications
IEEE Communications Surveys & Tutorials
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
Influence of attribute freshness on decision making in usage control
STM'10 Proceedings of the 6th international conference on Security and trust management
Risk-Based auto-delegation for probabilistic availability
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneous Security
Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements; for example, some actors may be less trusted than others. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic based on the system RT that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization, and authorization risk thresholds to be precisely specified and enforced. We also develop an algorithm for automatic authorization in a distributed environment that is directed by risk considerations. A variety of practical applications are discussed.