ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A lattice model of secure information flow
Communications of the ACM
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Distributed credential chain discovery in trust management
Journal of Computer Security
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
Decentralized Trust Management
Access control for the web via proof-carrying authorization
Access control for the web via proof-carrying authorization
Trust but verify: authorization for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
A survey of trust in internet applications
IEEE Communications Surveys & Tutorials
Specifying distributed trust management in LolliMon
Proceedings of the 2006 workshop on Programming languages and analysis for security
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Risk management for distributed authorization
Journal of Computer Security
Measuring the overall security of network configurations using attack graphs
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
| Hi-index | 0.00 |
Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements; some actors may be less trusted than others, some elements may be more computationally expensive to obtain, and so forth. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization elements, and promotes development of a distributed authorization algorithm allowing tolerable levels of risk to be precisely specified and rigorously enforced.