Compliance checking for usage-constrained credentials in trust negotiation systems

Authors:
Jinwei Hu;Khaled M. Khan;Yun Bai;Yan Zhang
Affiliations:
Department of Computer Science, TU Darmstadt, Germany;Department of Computer Science and Engineering, Qatar University, Qatar;School of Computing and Mathematics, University of Western Sydney, Australia;School of Computing and Mathematics, University of Western Sydney, Australia
Venue:
ISC'12 Proceedings of the 15th international conference on Information Security
Year:
2012

Citing 11
Cited 0

Knowledge Representation, Reasoning, and Declarative Problem Solving

Knowledge Representation, Reasoning, and Declarative Problem Solving
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Requirements for Policy Languages for Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Towards Practical Automated Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Logic in Computer Science: Modelling and Reasoning about Systems

Logic in Computer Science: Modelling and Reasoning about Systems
Responding to Policies at Runtime in TrustBuilder

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Distributed Proving in Access-Control Systems

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Towards an efficient and language-agnostic compliance checker for trust negotiation systems

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Automated trust negotiation using cryptographic credentials

ACM Transactions on Information and System Security (TISSEC)
Constraining Credential Usage in Logic-Based Access Control

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Information Flow in Credential Systems

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.