Know What You Trust

Analyzing and Designing Trust Policies with Scoll
  • Fred Spiessens
  • Jerry den Hartog
  • Sandro Etalle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5491)

Abstract

In Decentralized Trust Management (DTM) authorization decisions are made by multiple principals who can also delegate decisions to each other. Therefore, a policy change of one principal will often affect who gets authorized by another principal. In such a system of influenceable authorization a number of principals may want to coordinate their policies to achieve long time guarantees on a set of safety goals.

The problem we tackle in this paper is to find minimal restrictions to the policies of a set of principals that achieve their safety goals. This will enable building useful DTM systems that are safe by design, simply by relying on the policy restrictions of the collaborating principals. To this end we will model DTM safety problems in Scoll [1], an approach that proved useful to model confinement in object capability systems [2].

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Spiessens, F.: Patterns of Safe Collaboration. PhD thesis, Université catholique de Louvain, Louvain-la-Neuve, Belgium (February 2007)Google Scholar
  2. 2.
    Spiessens, F., Van Roy, P.: A Practical Formal Model for Safety Analysis in Capability-Based Systems. In: De Nicola, R., Sangiorgi, D. (eds.) TGC 2005. LNCS, vol. 3705, pp. 248–278. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Li, N., Mitchell, J., Winsborough, W.: Design of a Role-based Trust-management Framework. In: Proc. IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  4. 4.
    Artz, D., Gil, Y.: A survey of trust in computer science and the semantic web. Journal of Web Semantics (2007)Google Scholar
  5. 5.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Press, I.C.S. (ed.) Proc. 1996 IEEE Symposium on Security and Privacy, pp. 164–173 (1996)Google Scholar
  6. 6.
    Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The KeyNote trust-management system, version 2. IETF RFC 2704 (1999)Google Scholar
  7. 7.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory. IETF RFC 2693 (September 1999)Google Scholar
  8. 8.
    Kagal, L., Cost, S., Finin, T., Peng, Y.: A framework for distributed trust management. In: Proc. of IJCAI 2001 Workshop on Autonomy, Delegation and Control (2001)Google Scholar
  9. 9.
    Kagal, L., Cost, S., Finin, T., Peng, Y.: A framework for distributed trust management. In: Proceedings of IJCAI 2001 Workshop on Autonomy, Delegation and Control (2001), http://citeseer.nj.nec.com/kagal01framework.html
  10. 10.
    Etalle, S., Winsborough, W.H.: Integrity constraints in trust management (extended abstract). In: Ahn, G.J. (ed.) 10th ACM Symp. on Access Control Models and Technologies (SACMAT), p. 10. ACM Press, New York (2005)Google Scholar
  11. 11.
    Li, N., Mitchell, J.C., Winsborough, W.H.: Beyond proof-of-compliance: security analysis in trust management. J. ACM 52(3), 474–514 (2005)MathSciNetCrossRefMATHGoogle Scholar
  12. 12.
    Czenko, M.R., Etalle, S., Li, D., Winsborough, W.H.: An introduction to the role based trust management framework RT. Technical Report TR-CTIT-07-34, University of Twente, Enschede (June 2007)Google Scholar
  13. 13.
    Gallaire, H., Minker, J. (eds.): Logic and Data Bases. Perseus Publishing (1978)Google Scholar
  14. 14.
    Spiessens, F., Jaradin, Y., Van Roy, P.: Using Constraints To Analyze And Generate Safe Capability Patterns. Research Report INFO-2005-11, Département d’Ingénierie Informatique, Université catholique de Louvain, Louvain-la-Neuve Belgium, CPSec 2005 (2005), http://www.info.ucl.ac.be/~fsp/rr2005-11.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Fred Spiessens
    • 1
  • Jerry den Hartog
    • 1
  • Sandro Etalle
    • 1
  1. 1.Eindhoven Institute for the Protection of Systems and InformationUniversity of Technology EindhovenEindhovenThe Netherlands

Personalised recommendations