The complexity of promise problems with applications to public-key cryptography
Information and Control
PICS: Internet access controls without censorship
Communications of the ACM
Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Referee: trust management for Web applications
World Wide Web Journal - Special issue: Web security: a matter of trust
The Java Language Specification
The Java Language Specification
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Introducing new Internet services: why and how
IEEE Network: The Magazine of Global Internetworking
The SwitchWare active network architecture
IEEE Network: The Magazine of Global Internetworking
A secure active network environment architecture: realization in SwitchWare
IEEE Network: The Magazine of Global Internetworking
Distributed access-rights management with delegation certificates
Secure Internet programming
Mutual protection of co-operating agents
Secure Internet programming
Secure Internet programming
IWAN '00 Proceedings of the Second International Working Conference on Active Networks
Certificate Distribution with Local Autonomy
IWAN '00 Proceedings of the Second International Working Conference on Active Networks
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
CAiSE '02/ WES '02 Revised Papers from the International Workshop on Web Services, E-Business, and the Semantic Web
Different Smartcard-Based Approaches to Physical Access Control
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Trustworthy service composition: challenges and research questions
AAMAS'02 Proceedings of the 2002 international conference on Trust, reputation, and security: theories and practice
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition
ACM Transactions on Information and System Security (TISSEC)
Implementing credential networks
iTrust'06 Proceedings of the 4th international conference on Trust Management
On complexity of grammars related to the safety problem
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
PDTM: a policy-driven trust management framework in distributed systems
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
A formalization of distributed authorization with delegation
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Trust-Based secure workflow path construction
ICSOC'05 Proceedings of the Third international conference on Service-Oriented Computing
Role-Based delegation with negative authorization
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Toward a broader view of security protocols
SP'04 Proceedings of the 12th international conference on Security Protocols
An authorization framework based on constrained delegation
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
A delegation model for designing collaborative multi-agent systems
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Modeling public key infrastructures in the real world
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Leftist grammars and the chomsky hierarchy
FCT'05 Proceedings of the 15th international conference on Fundamentals of Computation Theory
A behavior characteristics-based reputation evaluation method for grid entities
EGC'05 Proceedings of the 2005 European conference on Advances in Grid Computing
Combining trust and risk to reduce the cost of attacks
iTrust'05 Proceedings of the Third international conference on Trust Management
Semantic access control model: a formal specification
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Reducing the dependence of SPKI/SDSI on PKI
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Transfer of trust in event-based reputation systems
Theoretical Computer Science
Cryptographic protocol to establish trusted history of interactions
ESAS'06 Proceedings of the Third European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Weighted pushdown systems and trust-management systems
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
A distributed authorization system with mobile usage control policies
EUROCAST'11 Proceedings of the 13th international conference on Computer Aided Systems Theory - Volume Part I
Toward a trust management model for a configurable body sensor platform
Proceedings of the 6th International Conference on Body Area Networks
The semantics of role-based trust management languages
CEE-SET'09 Proceedings of the 4th IFIP TC 2 Central and East European conference on Advances in Software Engineering Techniques
A trust and context aware access control model for web services conversations
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
DEAL: A Distributed Authorization Language for Ambient Intelligence
International Journal of Ambient Computing and Intelligence
A multi-dimensional and event-based model for trust computation in the social web
SocInfo'12 Proceedings of the 4th international conference on Social Informatics
Trust management of services in cloud environments: Obstacles and solutions
ACM Computing Surveys (CSUR)
Adaptiveness and social-compliance in trust management within virtual communities
Web Intelligence and Agent Systems - Web Intelligence and Communities
Information flow in trust management systems
Journal of Computer Security - CSF 2010
Hi-index | 0.00 |
Existing authorization mechanisms fail to provide powerful and robust tools for handling security at the scale necessary for today's Internet. These mechanisms are coming under increasing strain from the development and deployment of systems that increase the programmability of the Internet. Moreover, this "increased flexibility through programmability" trend seems to be accelerating with the advent of proposals such as Active Networking and Mobile Agents. The trust-management approach to distributed-system security was developed as an answer to the inadequacy of traditional authorization mechanisms. Trust-management engines avoid the need to resolve "identities" in an authorization decision. Instead, they express privileges and restrictions in a programming language. This allows for increased flexibility and expressibility, as well as standardization of modern, scalable security mechanisms. Further advantages of the trust-management approach include proofs that requested transactions comply with local policies and system architectures that encourage developers and administrators to consider an application's security policy carefully and specify it explicitly. In this paper, we examine existing authorization mechanisms and their inadequacies. We introduce the concept of trust management, explain its basic principles, and describe some existing trust-management engines, including PoHcyMaker and KeyNote. We also report on our experience using trust-management engines in several distributed-system applications.