Skip to main content
SpringerLink
Log in

Database Issues in Trust Management and Trust Negotiation

  • Chapter
Handbook of Database Security

Summary

Trust management is the process of managing authorization decisions in a decentralized environment where many of the participants do not have reestablished trust relationships, such as logins and passwords, with one another. Trust management is important for enterprise-level and cross-organizational database applications such as supply chain management, enterprise resource planning, and customer relationship management. Trust management research may also interest the database research community because of the former’s a?nity for a Datalog-based world, in which a query (authorization request) launches a multi-site search for a proof of authorization. To complicate the process, sites have autonomy and may not always cooperate in proof construction; it is not always obvious where to ?nd the facts and rules needed to construct a proof; and attempts to access particular facts and rules may spawn new authorization requests.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ANSI. American National Standard for Information Technology – Role Based Access Control. ANSI INCITS 359-2004, February 2004.

    Google Scholar 

  2. Andrew W. Appel and Edward W. Felten. Proof-carrying authentication. In CCS ’99: Proceedings of the 6th ACM Conference on Computer and Communications Security, pages 52–62, New York, NY, USA, 1999. ACM Press.

    Google Scholar 

  3. Lujo Bauer, Scott Garriss, and Michael K. Reiter. Efficient proving for practical distributed access-control systems. In 12th European Symposium on Research in Computer Security (ESORICS), September 2007.

    Google Scholar 

  4. Lujo Bauer, Michael A. Schneider, and Edward W. Felten. A general and flexible access-control system for the web. In Proceedings of the 11th USENIX Security Symposium, pages 93–108, Berkeley, CA, USA, 2002. USENIX Association.

    Google Scholar 

  5. Moritz Y. Becker and Peter Sewell. Cassandra: Distributed access control policies with tunable expressiveness. In POLICY ’04: Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’04), page 159, Washington, DC, USA, 2004. IEEE Computer Society.

    Google Scholar 

  6. Moritz Y. Becker and Peter Sewell. Cassandra: Flexible trust management, applied to electronic health records. In CSFW ’04: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04), page 139, Washington, DC, USA, 2004. IEEE Computer Society.

    Google Scholar 

  7. Elisa Bertino, Elena Ferrari, and Anna Cinzia Squicciarini. Trust-X: A peer-to-peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering, 16(7):827–842, 2004.

    Article  Google Scholar 

  8. E. Bina, V. Jones, R. McCool, and M. Winslett. Secure Access to Data Over the Internet. In Conference on Parallel and Distributed Information Systems, September 1994.

    Google Scholar 

  9. Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The KeyNote trust-management system, version 2. IETF RFC 2704, September 1999.

    Google Scholar 

  10. Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The role of trust management in distributed systems. In Secure Internet Programming, volume 1603 of Lecture Notes in Computer Science, pages 185–210. Springer, 1999.

    Google Scholar 

  11. Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164–173. IEEE Computer Society Press, May 1996.

    Google Scholar 

  12. Piero Bonatti and Daniel Olmedilla. Driving and monitoring provisional trust negotiation with metapolicies. In POLICY ’05: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’05), pages 14–23, Washington, DC, USA, 2005. IEEE Computer Society.

    Google Scholar 

  13. Piero A. Bonatti and Daniel Olmedilla. Policy Language Specification. deliverable I2-D2, ISI- Knowledge-Based Systems, University of Hannover, 2005.

    Google Scholar 

  14. Piero A. Bonatti and Pierangela Samarati. A uniform framework for regulating service access and information release on the web. J. Comput. Secur., 10(3):241–271, 2002.

    Google Scholar 

  15. R. Bradshaw, J. Holt, and K. E. Seamons. Concealing complex policies with hidden credentials. In Eleventh ACM Conference on Computer and Communications Security, October 2004.

    Google Scholar 

  16. Stefan Brands. Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy. MIT Press, 2000.

    Google Scholar 

  17. Jan Camenisch and Els Van Herreweghen. Design and implementation of the Idemix anonymous credential system. In ACM Computer and Communication Security, 2002.

    Google Scholar 

  18. Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 9(4):285–322, 2001.

    Google Scholar 

  19. Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh. User-controllable security and privacy for pervasive computing. In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), February 2007.

    Google Scholar 

  20. Jack B. Dennis and Earl C. Van Horn. Programming semantics for multiprogrammed computations. Commun. ACM, 9(3):143–155, 1966.

    Article  Google Scholar 

  21. John De Treville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 105–113. IEEE Computer Society Press, May 2002.

    Google Scholar 

  22. Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. SPKI certificate theory. IETF RFC 2693, September 1999.

    Google Scholar 

  23. David F. Ferraiolo, Janet A. Cuigini, and D. Richard Kuhn. Role-based access control (RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC’95), December 1995.

    Google Scholar 

  24. Keith Frikken, Mikhail Atallah, and Jiangtao Li. Attribute-based access control with hidden policies and hidden credentials. IEEE Transactions on Computers (TC), 55(10), 2006.

    Google Scholar 

  25. Carl A. Gunter and Trevor Jim. Policy-directed certificate retrieval. Software: Practice & Experience, 30(15):1609–1640, September 2000.

    Article  MATH  Google Scholar 

  26. R. J. Hayton, J. M. Bacon, and K. Moody. Access control in an open distributed environment. In IEEE Symposium of Security and Privacy, pages 3–14, ‘1998.

    Google Scholar 

  27. Amir Herzberg, Yosi Mass, Joris Mihaeli, Dalit Naor, and Yiftach Ravid. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, pages 2–14. IEEE Computer Society Press, May 2000.

    Google Scholar 

  28. John A. Hine, Walt Yao, Jean Bacon, and Ken Moody. An architecture for distributed oasis services. In Middleware ’00: IFIP/ACM International Conference on Distributed systems platforms, pages 104–120, Secaucus, NJ, USA, 2000. Springer-Verlag New York, Inc.

    Google Scholar 

  29. J. Holt and K. E. Seamons. Selective disclosure credential sets. Cryptology ePrint Archive, 2002.

    Google Scholar 

  30. Jason Holt, Robert W. Bradshaw, Kent E. Seamons, and Hilarie Orman. Hidden credentials. In Workshop on Privacy in the Electronic Society (WPES), 2003.

    Google Scholar 

  31. Russell Housely, Warwick Ford, Tim Polk, and David Solo. Internet X.509 public key infrastructure certificate and CRL profile. IETF Request for Comments RFC-2459, January 1999.

    Google Scholar 

  32. Trevor Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106–115. IEEE Computer Society Press, May 2001.

    Google Scholar 

  33. Trevor Jim and Dan Suciu. Dynamically distributed query evaluation. In PODS ’01: Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 28–39, New York, NY, USA, 2001. ACM Press.

    Google Scholar 

  34. A. Jsang, R. Ismail, and C. Boyd. A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618–644, March 2007.

    Article  Google Scholar 

  35. Apu Kapadia, Geetanjali Sampemane, and Roy H. Campbell. KNOW why your access was denied: Regulating feedback for usable security. In Proceedings of the ACM Conference on Computers and Communication Security (CCS), pages 52–61, Washington, DC, Oct 2004.

    Google Scholar 

  36. H. Koshutanski and F. Massacci. An interactive trust management and negotiation scheme. In Theo Dimitrakos and Fabio Martinelli, editors, Formal Aspects of Security and Trust, pages 139–152. KAP, 2004.

    Google Scholar 

  37. Adam J. Lee, Kazuhiro Minami, and Marianne Winslett. Lightweight consistency enforcement schemes for distributed proofs with hidden subtrees. In 12th ACM Symposium on Access Control Models and Technologies (SACMAT 2007), June 2007.

    Google Scholar 

  38. Adam J. Lee and Marianne Winslett. Open problems for usable and secure open systems. In Workshop on Usability Research Challenges for Cyberinfrastructure and Tools held in conjunction with ACM CHI, April 2006.

    Google Scholar 

  39. Jiangtao Li and Ninghui Li. OACerts: Oblivious attribute certificates. IEEE Transactions on Dependable and Secure Computing (TDSC), 3(4), 2006.

    Google Scholar 

  40. Jiangtao Li, Ninghui Li, XiaoFeng Wang, and Ting Yu. Denial of Service Attacks and Defenses in Decentralized Trust Management. In 2nd IEEE International Conference on Security and Privacy in Communication Networks (SecureComm), August 2006.

    Google Scholar 

  41. Jiangtao Li, Ninghui Li, and William Winsborough. Automated trust negotiation using cryptographic credentials. ACM Transactions on Information and System Security (TISSEC), 2007.

    Google Scholar 

  42. Ninghui Li, Wenliang Du, and Dan Boneh. Oblivious signature-based envelope. In PODC ’03: Proceedings of the twenty-second annual symposium on Principles of distributed computing, pages 182–189, New York, NY, USA, 2003. ACM Press.

    Google Scholar 

  43. Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. Delegation Logic: A logic-based approach to distributed authorization. ACM Transaction on Information and System Security, 6(1):128–171, February 2003.

    Article  Google Scholar 

  44. Ninghui Li and John C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), number 2562 in LNCS, pages 58–73. Springer, January 2003.

    Google Scholar 

  45. Ninghui Li and John C. Mitchell. RT: A role-based trust-management framework. In The Third DARPA Information Survivability Conference and Exposition (DISCEX III). IEEE Computer Society Press, April 2003.

    Google Scholar 

  46. Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130. IEEE Computer Society Press, May 2002.

    Google Scholar 

  47. Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed credential chain discovery in trust management (extended abstract). In Proceedings of the Eighth ACM Conference on Computer and Communications Security (CCS-8), pages 156–165. ACM Press, November 2001.

    Google Scholar 

  48. Ninghui Li, William H. Winsborough, and John C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of IEEE Symposium on Security and Privacy, pages 123–139. IEEE Computer Society Press, May 2003.

    Google Scholar 

  49. Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed credential chain discovery in trust management. Journal of Computer Security, 11(1):35–86, February 2003.

    Google Scholar 

  50. Ziqing Mao, Ninghui Li, and William H. Winsborough. Distributed credential chain discovery in trust management with parameterized roles and constraints. In 2006 International Conference on Information and Communications Security (ICICS 2006), December 2006.

    Google Scholar 

  51. Kazuhiro Minami and David Kotz. Secure context-sensitive authorization. Journal of Pervasive and Mobile Computing, 1(1), March 2005.

    Google Scholar 

  52. Lars E. Olson, Michael J. Rosulek, and Marianne Winslett. Harvesting Credentials in Trust Negotiation as an Honest-But-Curious Adversary. In ACM Workshop on Privacy in the Electronic Society (WPES), 2007.

    Google Scholar 

  53. Jeff Polakow and Christian Skalka. Specifying distributed trust management in Lollimon. In PLAS ’06: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, pages 37–46, New York, NY, USA, 2006. ACM Press.

    Google Scholar 

  54. Ronald L. Rivest and Bulter Lampson. SDSI — a simple distributed security infrastructure, October 1996. Available at http://theory.lcs.mit.edu/ensuremath rivest/sdsi11.html.

    Google Scholar 

  55. T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. E. Seamons. Adaptive trust negotiation and access control. In 10th ACM Symposium on Access Control Models and Technologies, June 2005.

    Google Scholar 

  56. Ravi S. Sandhu, Venkata Bhamidipati, and Qamar Munawer. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security, 2(1):105–135, February 1999.

    Article  Google Scholar 

  57. K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting privacy during on-line trust negotiation. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, April 2002.

    Google Scholar 

  58. Kent Seamons, Marianne Winslett, Ting Yu, B. Smith, E. Child, J. Jacobson, H. Mills, and Lina Yu. Requirements for policy languages for trust negotiation. In Third IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’02), pages 68–79, June 2002.

    Google Scholar 

  59. A. C. Squicciarini, E. Bertino, and E. Ferrari. Achieving Privacy with an Ontology-Based Approach in Trust Negotiations. IEEE Transaction on Dependable and Secure Computing (TDSC), 3(1):13–30, 2006.

    Article  Google Scholar 

  60. A. C. Squicciarini, E. Bertino, E. Ferrari, F. Paci, and B. Thuraisingham. PP-Trust-X: A System for Privacy Preserving Trust Negotiations. ACM Transactions on Information and System Security (TISSEC), 10(3), July 2007.

    Google Scholar 

  61. David Toman. Memoing evaluation for constraint extensions of datalog. Constraints and databases, pages 99–121, 1998.

    Google Scholar 

  62. William H. Winsborough and Ninghui Li. Towards practical automated trust negotiation. In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy 2002), pages 92–103. IEEE Computer Society Press, June 2002.

    Google Scholar 

  63. William H. Winsborough and Ninghui Li. Safety in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy, pages 147–160, May 2004.

    Google Scholar 

  64. William H. Winsborough, Kent E. Seamons, and Vicki E. Jones. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition, volume I, pages 88–102. IEEE Press, January 2000.

    Google Scholar 

  65. Marianne Winslett. An introduction to trust negotiation. In Proceedings of iTrust, pages 275–283, 2003.

    Google Scholar 

  66. Marianne Winslett, Charles C. Zhang, and Piero A. Bonatti. Peeraccess: a logic for distributed authorization. In CCS ’05: Proceedings of the 12th ACM Conference on Computer and Communications Security, pages 168–179, New York, NY, USA, 2005. ACM Press.

    Google Scholar 

  67. Walt Yao, Ken Moody, and Jean Bacon. A model of oasis role-based access control and its support for active security. In SACMAT ’01: Proceedings of the sixth ACM Symposium on Access Control Models and Technologies, pages 171–181, New York, NY, USA, 2001. ACM Press.

    Google Scholar 

  68. Ting Yu, Marianne Winslett, and Kent E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information System Security, 6(1):1–42, 2003.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Texas at San Antonio, San Antonio

    Dongyi Li & William Winsborough

  2. Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana-Champaign

    Marianne Winslett & Ragib Hasan

Authors
  1. Dongyi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. William Winsborough
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marianne Winslett
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ragib Hasan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science, University of California at Davis, One Shields Avenue, Davis, CA 95616-8562

    Michael Gertz

  2. George Mason University Center for Secure Information Systems Research I, Suite 417, Fairfax, VA 22030-4444

    Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer Science+Business Media, LLC.

About this chapter

Cite this chapter

Li, D., Winsborough, W., Winslett, M., Hasan, R. (2008). Database Issues in Trust Management and Trust Negotiation. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-48533-1_4

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-48532-4

  • Online ISBN: 978-0-387-48533-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation