Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
On SDSI's linked local name spaces
Journal of Computer Security
A logic for SDSI's linked local name spaces
Journal of Computer Security
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
Certificate chain discovery in SPKI/SDSI
Journal of Computer Security
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Distributed Systems: Principles and Paradigms
Distributed Systems: Principles and Paradigms
ACM Transactions on Information and System Security (TISSEC)
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A compositional framework for access control policies enforcement
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Specification and enforcement of flexible security policy for active cooperation
Information Sciences: an International Journal
Mediator-free secure policy interoperation of exclusively-trusted multiple domains
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
An approach for trusted interoperation in a multidomain environment
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
We describe a layered approach to access control for distributed and interoperable computing systems. First, compound access control policies are specified conceptually, using the policy algebra proposed by Bonatti, Capitani di Vimercati and Samarati. Second, SPKI/SDSI is used to implement and enforce a policy specification by means of credentials. To this end, SPKI/SDSI is slightly extended, in particular to allow algebra expressions over local names as subjects in authorisation certificates and to deal with the subtraction operator of the algebra. Besides presenting the overall approach, the paper elaborates some details for a still powerful fraction of the policy algebra, thereby examining the correctness of the credential-based implementation.