Towards a credential-based implementation of compound access control policies

Authors:
Joachim Biskup;Sandra Wortmann
Affiliations:
University of Dortmund, Dortmund, Germany;University of Dortmund, Dortmund, Germany
Venue:
Proceedings of the ninth ACM symposium on Access control models and technologies
Year:
2004

Citing 13
Cited 3

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
A unified framework for enforcing multiple access control policies

SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
A flexible authorization mechanism for relational data management systems

ACM Transactions on Information Systems (TOIS)
On SDSI's linked local name spaces

Journal of Computer Security
A logic for SDSI's linked local name spaces

Journal of Computer Security
An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
Certificate chain discovery in SPKI?SDSI

Journal of Computer Security
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy

Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Distributed Systems: Principles and Paradigms

Distributed Systems: Principles and Paradigms
Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

ACM Transactions on Information and System Security (TISSEC)
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Decentralized Trust Management

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A compositional framework for access control policies enforcement

Proceedings of the 2003 ACM workshop on Formal methods in security engineering

Specification and enforcement of flexible security policy for active cooperation

Information Sciences: an International Journal
Mediator-free secure policy interoperation of exclusively-trusted multiple domains

ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
An approach for trusted interoperation in a multidomain environment

ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a layered approach to access control for distributed and interoperable computing systems. Firstly, compound access control policies are conceptually specified, using the policy algebra proposed by Bonatti, Capitani di Vimercati and Samarati. Secondly, SPKI/SDSI is exploited to implement and to enforce a policy specification by means of credentials. Therefore, SPKI/SDSI is slightly extended, in particular in order to allow algebra expressions over local names as subjects in authorisation certificates and to deal with the subtraction operator of the algebra. Besides presenting the overall approach, the paper elaborates some details for a still powerful fraction of the policy algebra, thereby examining the correctness of the credential-based implementation.