We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.