Trust management with safe privilege propagation

Authors:
Gang Yin;Huai-min Wang;Tao Liu;Ming-feng Chen;Dian-xi Shi
Affiliations:
School of Computer Science, National University of Defense Technology, China;School of Computer Science, National University of Defense Technology, China;School of Electronic Science and Engineering, National University of Defense Technology, China;China Xi’an Satellite Control Center;School of Computer Science, National University of Defense Technology, China
Venue:
APPT'05 Proceedings of the 6th international conference on Advanced Parallel Processing Technologies
Year:
2005

Citing 7
Cited 1

Constraint query languages

Selected papers of the 9th annual ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Decentralized trust management

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Towards more controllable and practical delegation

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

A framework for modeling restricted delegation in service oriented architecture

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business

Quantified Score

Hi-index	0.00

Visualization

Abstract

Trust management uses delegation to enable decentralized authorization across administrative domains. Delegation passes one’s authority over resources to trusted entities and thus enables more flexible and scalable authorization. However, unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems do not provide effective control on delegation propagation, and the correctness of constraint enforcement mechanisms is not formally analyzed, which may lead to privilege proliferation. In this paper, we propose a role-based constrained delegation model (RCDM), which restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraint. This paper also introduces a rule-based language to specify the policies and the deduction algorithm for constrained delegation defined in RCDM. The soundness and completeness properties of the deduction algorithm ensure the safety and availability of our delegation model.