Summary
Trust management is the process of managing authorization decisions in a decentralized environment where many of the participants do not have reestablished trust relationships, such as logins and passwords, with one another. Trust management is important for enterprise-level and cross-organizational database applications such as supply chain management, enterprise resource planning, and customer relationship management. Trust management research may also interest the database research community because of the former’s a?nity for a Datalog-based world, in which a query (authorization request) launches a multi-site search for a proof of authorization. To complicate the process, sites have autonomy and may not always cooperate in proof construction; it is not always obvious where to ?nd the facts and rules needed to construct a proof; and attempts to access particular facts and rules may spawn new authorization requests.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ANSI. American National Standard for Information Technology – Role Based Access Control. ANSI INCITS 359-2004, February 2004.
Andrew W. Appel and Edward W. Felten. Proof-carrying authentication. In CCS ’99: Proceedings of the 6th ACM Conference on Computer and Communications Security, pages 52–62, New York, NY, USA, 1999. ACM Press.
Lujo Bauer, Scott Garriss, and Michael K. Reiter. Efficient proving for practical distributed access-control systems. In 12th European Symposium on Research in Computer Security (ESORICS), September 2007.
Lujo Bauer, Michael A. Schneider, and Edward W. Felten. A general and flexible access-control system for the web. In Proceedings of the 11th USENIX Security Symposium, pages 93–108, Berkeley, CA, USA, 2002. USENIX Association.
Moritz Y. Becker and Peter Sewell. Cassandra: Distributed access control policies with tunable expressiveness. In POLICY ’04: Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’04), page 159, Washington, DC, USA, 2004. IEEE Computer Society.
Moritz Y. Becker and Peter Sewell. Cassandra: Flexible trust management, applied to electronic health records. In CSFW ’04: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04), page 139, Washington, DC, USA, 2004. IEEE Computer Society.
Elisa Bertino, Elena Ferrari, and Anna Cinzia Squicciarini. Trust-X: A peer-to-peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering, 16(7):827–842, 2004.
E. Bina, V. Jones, R. McCool, and M. Winslett. Secure Access to Data Over the Internet. In Conference on Parallel and Distributed Information Systems, September 1994.
Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The KeyNote trust-management system, version 2. IETF RFC 2704, September 1999.
Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The role of trust management in distributed systems. In Secure Internet Programming, volume 1603 of Lecture Notes in Computer Science, pages 185–210. Springer, 1999.
Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164–173. IEEE Computer Society Press, May 1996.
Piero Bonatti and Daniel Olmedilla. Driving and monitoring provisional trust negotiation with metapolicies. In POLICY ’05: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’05), pages 14–23, Washington, DC, USA, 2005. IEEE Computer Society.
Piero A. Bonatti and Daniel Olmedilla. Policy Language Specification. deliverable I2-D2, ISI- Knowledge-Based Systems, University of Hannover, 2005.
Piero A. Bonatti and Pierangela Samarati. A uniform framework for regulating service access and information release on the web. J. Comput. Secur., 10(3):241–271, 2002.
R. Bradshaw, J. Holt, and K. E. Seamons. Concealing complex policies with hidden credentials. In Eleventh ACM Conference on Computer and Communications Security, October 2004.
Stefan Brands. Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy. MIT Press, 2000.
Jan Camenisch and Els Van Herreweghen. Design and implementation of the Idemix anonymous credential system. In ACM Computer and Communication Security, 2002.
Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 9(4):285–322, 2001.
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh. User-controllable security and privacy for pervasive computing. In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), February 2007.
Jack B. Dennis and Earl C. Van Horn. Programming semantics for multiprogrammed computations. Commun. ACM, 9(3):143–155, 1966.
John De Treville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 105–113. IEEE Computer Society Press, May 2002.
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. SPKI certificate theory. IETF RFC 2693, September 1999.
David F. Ferraiolo, Janet A. Cuigini, and D. Richard Kuhn. Role-based access control (RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC’95), December 1995.
Keith Frikken, Mikhail Atallah, and Jiangtao Li. Attribute-based access control with hidden policies and hidden credentials. IEEE Transactions on Computers (TC), 55(10), 2006.
Carl A. Gunter and Trevor Jim. Policy-directed certificate retrieval. Software: Practice & Experience, 30(15):1609–1640, September 2000.
R. J. Hayton, J. M. Bacon, and K. Moody. Access control in an open distributed environment. In IEEE Symposium of Security and Privacy, pages 3–14, ‘1998.
Amir Herzberg, Yosi Mass, Joris Mihaeli, Dalit Naor, and Yiftach Ravid. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, pages 2–14. IEEE Computer Society Press, May 2000.
John A. Hine, Walt Yao, Jean Bacon, and Ken Moody. An architecture for distributed oasis services. In Middleware ’00: IFIP/ACM International Conference on Distributed systems platforms, pages 104–120, Secaucus, NJ, USA, 2000. Springer-Verlag New York, Inc.
J. Holt and K. E. Seamons. Selective disclosure credential sets. Cryptology ePrint Archive, 2002.
Jason Holt, Robert W. Bradshaw, Kent E. Seamons, and Hilarie Orman. Hidden credentials. In Workshop on Privacy in the Electronic Society (WPES), 2003.
Russell Housely, Warwick Ford, Tim Polk, and David Solo. Internet X.509 public key infrastructure certificate and CRL profile. IETF Request for Comments RFC-2459, January 1999.
Trevor Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106–115. IEEE Computer Society Press, May 2001.
Trevor Jim and Dan Suciu. Dynamically distributed query evaluation. In PODS ’01: Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 28–39, New York, NY, USA, 2001. ACM Press.
A. Jsang, R. Ismail, and C. Boyd. A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618–644, March 2007.
Apu Kapadia, Geetanjali Sampemane, and Roy H. Campbell. KNOW why your access was denied: Regulating feedback for usable security. In Proceedings of the ACM Conference on Computers and Communication Security (CCS), pages 52–61, Washington, DC, Oct 2004.
H. Koshutanski and F. Massacci. An interactive trust management and negotiation scheme. In Theo Dimitrakos and Fabio Martinelli, editors, Formal Aspects of Security and Trust, pages 139–152. KAP, 2004.
Adam J. Lee, Kazuhiro Minami, and Marianne Winslett. Lightweight consistency enforcement schemes for distributed proofs with hidden subtrees. In 12th ACM Symposium on Access Control Models and Technologies (SACMAT 2007), June 2007.
Adam J. Lee and Marianne Winslett. Open problems for usable and secure open systems. In Workshop on Usability Research Challenges for Cyberinfrastructure and Tools held in conjunction with ACM CHI, April 2006.
Jiangtao Li and Ninghui Li. OACerts: Oblivious attribute certificates. IEEE Transactions on Dependable and Secure Computing (TDSC), 3(4), 2006.
Jiangtao Li, Ninghui Li, XiaoFeng Wang, and Ting Yu. Denial of Service Attacks and Defenses in Decentralized Trust Management. In 2nd IEEE International Conference on Security and Privacy in Communication Networks (SecureComm), August 2006.
Jiangtao Li, Ninghui Li, and William Winsborough. Automated trust negotiation using cryptographic credentials. ACM Transactions on Information and System Security (TISSEC), 2007.
Ninghui Li, Wenliang Du, and Dan Boneh. Oblivious signature-based envelope. In PODC ’03: Proceedings of the twenty-second annual symposium on Principles of distributed computing, pages 182–189, New York, NY, USA, 2003. ACM Press.
Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. Delegation Logic: A logic-based approach to distributed authorization. ACM Transaction on Information and System Security, 6(1):128–171, February 2003.
Ninghui Li and John C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), number 2562 in LNCS, pages 58–73. Springer, January 2003.
Ninghui Li and John C. Mitchell. RT: A role-based trust-management framework. In The Third DARPA Information Survivability Conference and Exposition (DISCEX III). IEEE Computer Society Press, April 2003.
Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130. IEEE Computer Society Press, May 2002.
Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed credential chain discovery in trust management (extended abstract). In Proceedings of the Eighth ACM Conference on Computer and Communications Security (CCS-8), pages 156–165. ACM Press, November 2001.
Ninghui Li, William H. Winsborough, and John C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of IEEE Symposium on Security and Privacy, pages 123–139. IEEE Computer Society Press, May 2003.
Ninghui Li, William H. Winsborough, and John C. Mitchell. Distributed credential chain discovery in trust management. Journal of Computer Security, 11(1):35–86, February 2003.
Ziqing Mao, Ninghui Li, and William H. Winsborough. Distributed credential chain discovery in trust management with parameterized roles and constraints. In 2006 International Conference on Information and Communications Security (ICICS 2006), December 2006.
Kazuhiro Minami and David Kotz. Secure context-sensitive authorization. Journal of Pervasive and Mobile Computing, 1(1), March 2005.
Lars E. Olson, Michael J. Rosulek, and Marianne Winslett. Harvesting Credentials in Trust Negotiation as an Honest-But-Curious Adversary. In ACM Workshop on Privacy in the Electronic Society (WPES), 2007.
Jeff Polakow and Christian Skalka. Specifying distributed trust management in Lollimon. In PLAS ’06: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, pages 37–46, New York, NY, USA, 2006. ACM Press.
Ronald L. Rivest and Bulter Lampson. SDSI — a simple distributed security infrastructure, October 1996. Available at http://theory.lcs.mit.edu/ensuremath rivest/sdsi11.html.
T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. E. Seamons. Adaptive trust negotiation and access control. In 10th ACM Symposium on Access Control Models and Technologies, June 2005.
Ravi S. Sandhu, Venkata Bhamidipati, and Qamar Munawer. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security, 2(1):105–135, February 1999.
K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting privacy during on-line trust negotiation. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, April 2002.
Kent Seamons, Marianne Winslett, Ting Yu, B. Smith, E. Child, J. Jacobson, H. Mills, and Lina Yu. Requirements for policy languages for trust negotiation. In Third IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’02), pages 68–79, June 2002.
A. C. Squicciarini, E. Bertino, and E. Ferrari. Achieving Privacy with an Ontology-Based Approach in Trust Negotiations. IEEE Transaction on Dependable and Secure Computing (TDSC), 3(1):13–30, 2006.
A. C. Squicciarini, E. Bertino, E. Ferrari, F. Paci, and B. Thuraisingham. PP-Trust-X: A System for Privacy Preserving Trust Negotiations. ACM Transactions on Information and System Security (TISSEC), 10(3), July 2007.
David Toman. Memoing evaluation for constraint extensions of datalog. Constraints and databases, pages 99–121, 1998.
William H. Winsborough and Ninghui Li. Towards practical automated trust negotiation. In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy 2002), pages 92–103. IEEE Computer Society Press, June 2002.
William H. Winsborough and Ninghui Li. Safety in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy, pages 147–160, May 2004.
William H. Winsborough, Kent E. Seamons, and Vicki E. Jones. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition, volume I, pages 88–102. IEEE Press, January 2000.
Marianne Winslett. An introduction to trust negotiation. In Proceedings of iTrust, pages 275–283, 2003.
Marianne Winslett, Charles C. Zhang, and Piero A. Bonatti. Peeraccess: a logic for distributed authorization. In CCS ’05: Proceedings of the 12th ACM Conference on Computer and Communications Security, pages 168–179, New York, NY, USA, 2005. ACM Press.
Walt Yao, Ken Moody, and Jean Bacon. A model of oasis role-based access control and its support for active security. In SACMAT ’01: Proceedings of the sixth ACM Symposium on Access Control Models and Technologies, pages 171–181, New York, NY, USA, 2001. ACM Press.
Ting Yu, Marianne Winslett, and Kent E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information System Security, 6(1):1–42, 2003.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer Science+Business Media, LLC.
About this chapter
Cite this chapter
Li, D., Winsborough, W., Winslett, M., Hasan, R. (2008). Database Issues in Trust Management and Trust Negotiation. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_4
Download citation
DOI: https://doi.org/10.1007/978-0-387-48533-1_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-48532-4
Online ISBN: 978-0-387-48533-1
eBook Packages: Computer ScienceComputer Science (R0)