Abstract

The amount of data available electronically to a multitude of users has been increasing dramatically over the last few years. The size and dynamics of the user community impose requirements that traditional access control solutions cannot easily meet. A promising approach for supporting access control in open environments is trust management.

This chapter provides an overview of the most significant approaches for managing and negotiating trust between parties. We start by introducing the basic concepts on which trust management systems are built, describing their relationships with access control. We then illustrate credential-based access control languages together with a description of different trust negotiation strategies. We conclude the chapter with a brief overview of reputation-based systems.




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Foresti, S., Samarati, P. (2007). Trust Management. In: Petković, M., Jonker, W. (eds) Security, Privacy, and Trust in Modern Data Management. Data-Centric Systems and Applications. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69861-6_8


  • DOI: https://doi.org/10.1007/978-3-540-69861-6_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69860-9

  • Online ISBN: 978-3-540-69861-6

  • eBook Packages: Computer Science, Computer Science (R0)
