Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Selected papers of the 9th annual ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Using Authority Certificates to Create Management Structures
Revised Papers from the 9th International Workshop on Security Protocols
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
An authorization framework based on constrained delegation
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
Trust management with safe privilege propagation
APPT'05 Proceedings of the 6th international conference on Advanced Parallel Processing Technologies
Hi-index | 0.00 |
Delegation is essential to the flexibility and scalability of trust management systems. But unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems can not avoid privilege transition, and being lack of effective constraints on delegation propagation, which may easily lead to privilege proliferation. In this paper, we propose a generalized constrained delegation model (GCDM), which uses typed privileges to control potential privilege transition, and restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraints. This paper also designs a rule-based trust management language named REAL05 to express the policies and semantics for GCDM. REAL05 supports flexible delegation policies while can control the potential privilege proliferation in subsequent delegations. Comprehensive samples and simulation results show that our approach is more controllable and practical.