ESORICS 2011: Computer Security – ESORICS 2011, pp 262-277

Socially Constructed Trust for Distributed Authorization

  • Steve Barker
  • Valerio Genovese
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)

Abstract

We describe an approach for distributed access control that is based on the idea of using a community-constructed repository of expressions of propositional attitudes. We call this repository an oracle. Members of a community may consult the oracle and use the expressions of belief and disbelief in propositions that are expressed by community members about requesters for access to resources. Our conceptual model and access control policies are described in terms of a computational logic and we describe an implementation of the approach that we advocate.

Keywords

Access Control; Logic Programming; Propositional Attitude; Trust Management; Access Control Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Steve Barker (1)
  • Valerio Genovese (2, 3)
  1. King’s College, London, UK
  2. University of Torino, Italy
  3. University of Luxembourg, Luxembourg
