Database security
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Referee: trust management for Web applications
World Wide Web Journal - Special issue: Web security: a matter of trust
An algebra for composing access control policies
ACM Transactions on Information and System Security (TISSEC)
A logic for uncertain probabilities
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Web Services Security
Resolving Conflicts in Authorization Delegations
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Proceedings of the International Workshop on Security Protocols
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
The Eigentrust algorithm for reputation management in P2P networks
WWW '03 Proceedings of the 12th international conference on World Wide Web
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Using trust and risk in role-based access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
A user-centric anonymous authorisation framework in e-commerce environment
ICEC '04 Proceedings of the 6th international conference on Electronic commerce
Semantic constraints for trust transitivity
APCCM '05 Proceedings of the 2nd Asia-Pacific conference on Conceptual modelling - Volume 43
Conditional deduction under uncertainty
ECSQARU'05 Proceedings of the 8th European conference on Symbolic and Quantitative Approaches to Reasoning with Uncertainty
iTrust'05 Proceedings of the Third international conference on Trust Management
A survey of trust in internet applications
IEEE Communications Surveys & Tutorials
Using uncertainty in reputation methods to enforce cooperation in ad-hoc networks
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
A Mechanism for Identity Delegation at Authentication Level
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
A Composite Privacy Leakage Indicator
Wireless Personal Communications: An International Journal
A classification of trust systems
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Computing of trust in ad-hoc networks
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
| Hi-index | 0.00 |
Owners of systems and resources usually want to control who can access them. This must be based on having a process for authorising certain parties, combined with mechanisms for enforcing that only authorised parties are actually able to access those systems and resources. In distributed systems, the authorisation process can include negative authorisation (e.g. black listing), and delegation of authorisation rights, which potentially can lead to conflicts. This paper describes a method for giving authorisations through a delegation network, and where each delegation and authorisation is expressed in the form of a belief measure. An entity's total authorisation for a given resource object and access type can be derived by analysing the delegation network using subjective logic. Access decisions are made by comparing the derived authorisation measure with required threshold levels, which makes authorisations non-categorical. By setting the threshold level higher than the assigned measure of a single authorisation, it is possible to require multiple authorisations for accessing specifc resources. The model is simple, intuitive and algebraic.