Risk management for distributed authorization

Authors:
Christian Skalka;X. Sean Wang;Peter Chapin
Affiliations:
Correspd. Department of Computer Science, University of Vermont, Burlington, VT 05405, USA. Tel.: +1 802 656 1920/ E-mail: skalka@cs.uvm.edu;-;University of Vermont
Venue:
Journal of Computer Security
Year:
2007

Citing 15
Cited 3

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication metric analysis and design

ACM Transactions on Information and System Security (TISSEC)
Proof-carrying authentication

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A lattice model of secure information flow

Communications of the ACM
Policy-directed certificate retrieval

Software—Practice & Experience
ConChord: Cooperative SDSI Certificate Storage and Name Resolution

IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Distributed credential chain discovery in trust management

Journal of Computer Security
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management

Decentralized Trust Management
Access control for the web via proof-carrying authorization

Access control for the web via proof-carrying authorization
Delegation Depth Control in Trust-Management System

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
Risk assessment in distributed authorization

Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Trust but verify: authorization for web services

SWS '04 Proceedings of the 2004 workshop on Secure web service
A survey of trust in internet applications

IEEE Communications Surveys & Tutorials

Authorization in trust management: Features and foundations

ACM Computing Surveys (CSUR)
Influence of attribute freshness on decision making in usage control

STM'10 Proceedings of the 6th international conference on Security and trust management
Risk-Based auto-delegation for probabilistic availability

DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements, for example some actors may be less trusted than others. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic based on the system RT that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization, and authorization risk thresholds to be precisely specified and enforced. We also develop an algorithm for automatic authorization in a distributed environment, that is directed by risk considerations. A variety of practical applications are discussed.