Advertisement

TPL: A Trust Policy Language

  • Sebastian MödersheimEmail author
  • Anders Schlichtkrull
  • Georg Wagner
  • Stefan More
  • Lukas Alber
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 563)

Abstract

We present TPL, a Trust Policy Language and Trust Management System. It is built around the qualities of modularity, declarativity, expressive power, formal precision, and accountability. The modularity means that TPL is built in a way that makes it easily adaptable to different types of transactions and signatures. From the aspect of declarativity and expressive power, the language is built such that policies are always formulated in a positive form and the language is Turing complete. The formal precision and accountability of the language eliminates ambiguity and allows us to achieve verified evaluations. The idea is that for any decision, the system can generate a proof that can then be checked by a prover that is formally verified, in Isabelle/HOL, to be sound with respect to a first-order logic semantics.

Notes

Acknowledgement

Andreas Viktor Hess suggested many improvements.

References

  1. 1.
    Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: design and semantics of a decentralized authorization language. J. Comput. Secur. 18(4), 619–665 (2010)CrossRefGoogle Scholar
  2. 2.
    Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The keynote trust-management system version 2 (1999)Google Scholar
  3. 3.
    Blaze, M., Feigenbaum, J., Keromytis, A.D.: Keynote: trust management for public-key infrastructures (position paper). In: Proceedings of the 6th International Workshop Security Protocols, Cambridge, UK, 15–17 April 1998, pp. 59–63 (1998)Google Scholar
  4. 4.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: 1996 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 6–8 May 1996, pp. 164–173 (1996)Google Scholar
  5. 5.
    Deransart, P., Ed-Dbali, A., Cervoni, L.: Prolog - The Standard: Reference Manual. Springer, Heidelberg (1996).  https://doi.org/10.1007/978-3-642-61411-8CrossRefzbMATHGoogle Scholar
  6. 6.
    Dong, C., Dulay, N.: Shinren: Non-monotonic trust management for distributed systems. In: Proceedings of the 4th IFIP WG 11.11 International Conference on Trust Management IV, IFIPTM 2010, Morioka, Japan, 16–18 June 2010, pp. 125–140 (2010)Google Scholar
  7. 7.
    Gurevich, Y., Neeman, I.: DKAL: distributed-knowledge authorization language. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, USA, 23–25 June 2008, pp. 149–162 (2008)Google Scholar
  8. 8.
    Herzberg, A., Mass, Y., Mihaeli, J., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: assigning roles to strangers. In: 2000 IEEE Symposium on Security and Privacy, Berkeley, California, USA, 14–17 May 2000, pp. 2–14 (2000)Google Scholar
  9. 9.
    Jim, T.: SD3: a trust management system with certified evaluation. In: 2001 IEEE Symposium on Security and Privacy, Oakland, California, USA, 14–16 May 2001, pp. 106–115 (2001)Google Scholar
  10. 10.
    Li, N., Feigenbaum, J., Grosof, B.N.: A logic-based knowledge representation for authorization with delegation. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, CSFW 1999, Mordano, Italy, 28–30 June 1999, pp. 162–174 (1999)Google Scholar
  11. 11.
    Mödersheim, S., Katsoris, G.: A sound abstraction of the parsing problem. In: IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19–22 July 2014, pp. 259–273 (2014)Google Scholar
  12. 12.
    Mödersheim, S., Schlichtkrull, A.: The LIGHTest foundation. Technical report, Technical University of Denmark (2018)Google Scholar
  13. 13.
    Mödersheim, S.A., Ni, B.: GTPL: a graphical trust policy language. In: Open Identity Summit 2019 (2019)Google Scholar
  14. 14.
    Nipkow, T., Wenzel, M., Paulson, L.C. (eds.): Isabelle/HOL - A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45949-9CrossRefzbMATHGoogle Scholar
  15. 15.
    Paulson, L.C.: Computational logic: its origins and applications. Proc. R. Soc. A: Math. Phys. Eng. Sci. 474(2210), 20170872 (2018)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Schlichtkrull, A., Blanchette, J.C., Traytel, D.: A verified functional implementation of Bachmair and Ganzinger’s ordered resolution prover. Arch. Formal Proofs (2018). Formal proof development. http://isa-afp.org/entries/Functional_Ordered_Resolution_Prover.html
  17. 17.
    Schlichtkrull, A., Blanchette, J.C., Traytel, D.: A verified prover based on ordered resolution. In: Proceedings of the 8th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2019, Cascais, Portugal, 14–15 January 2019, pp. 152–165 (2019)Google Scholar
  18. 18.
    Schlichtkrull, A., Blanchette, J.C., Traytel, D., Waldmann, U.: Formalization of Bachmair and Ganzinger’s ordered resolution prover. Arch. Formal Proofs (2018). https://www.isa-afp.org/entries/Ordered_Resolution_Prover.html
  19. 19.
    Schlichtkrull, A., Blanchette, J.C., Traytel, D., Waldmann, U.: Formalization of Bachmair and Ganzinger’s ordered resolution prover. Arch. Formal Proofs (2018). Formal proof development. http://isa-afp.org/entries/Ordered_Resolution_Prover.html
  20. 20.
    Wagner, G., Omolola, O., More, S.: Harmonizing delegation data formats. In: Open Identity Summit 2017, Gesellschaft für Informatik, Bonn, pp. 25–34 (2017)Google Scholar
  21. 21.
    Wagner, G., Wagner, S., More, S., Hoffmann, M.: DNS-based trust scheme publication and discovery. In: Open Identity Summit 2019, Gesellschaft für Informatik, Bonnd, pp. 49–58 (2019)Google Scholar
  22. 22.
    Weinhardt, S., Omolola, O.: Usability of policy authoring tools: a layered approach. In: International Conference on Information Systems Security and Privacy (2019)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  • Sebastian Mödersheim
    • 1
    Email author
  • Anders Schlichtkrull
    • 1
  • Georg Wagner
    • 2
  • Stefan More
    • 2
  • Lukas Alber
    • 2
  1. 1.DTU Compute, Formal MethodsTechnical University of DenmarkKongens LyngbyDenmark
  2. 2.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations