Towards more controllable and practical delegation

Authors:
Gang Yin;Huaimin Wang;Dianxi Shi;Haiya Gu
Affiliations:
Department of Computer Science, National University of Defense Technology, Changsha, China;Department of Computer Science, National University of Defense Technology, Changsha, China;Department of Computer Science, National University of Defense Technology, Changsha, China;Agricultural Bank of China, Hunan Branch, China
Venue:
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Year:
2005

Citing 11
Cited 1

Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
Constraint query languages

Selected papers of the 9th annual ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
DATALOG with Constraints: A Foundation for Trust Management Languages

PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Using Authority Certificates to Create Management Structures

Revised Papers from the 9th International Workshop on Security Protocols
Constrained Delegation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Decentralized trust management

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Cascaded authentication

SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
An authorization framework based on constrained delegation

ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications

Trust management with safe privilege propagation

APPT'05 Proceedings of the 6th international conference on Advanced Parallel Processing Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Delegation is essential to the flexibility and scalability of trust management systems. But unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems can not avoid privilege transition, and being lack of effective constraints on delegation propagation, which may easily lead to privilege proliferation. In this paper, we propose a generalized constrained delegation model (GCDM), which uses typed privileges to control potential privilege transition, and restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraints. This paper also designs a rule-based trust management language named REAL05 to express the policies and semantics for GCDM. REAL05 supports flexible delegation policies while can control the potential privilege proliferation in subsequent delegations. Comprehensive samples and simulation results show that our approach is more controllable and practical.