Abstract
Trust management uses delegation to enable decentralized authorization across administrative domains. Delegation passes one’s authority over resources to trusted entities and thus enables more flexible and scalable authorization. However, unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems do not provide effective control on delegation propagation, and the correctness of constraint enforcement mechanisms is not formally analyzed, which may lead to privilege proliferation. In this paper, we propose a role-based constrained delegation model (RCDM), which restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraint. This paper also introduces a rule-based language to specify the policies and the deduction algorithm for constrained delegation defined in RCDM. The soundness and completeness properties of the deduction algorithm ensure the safety and availability of our delegation model.
This work is supported by Grand Fundamental Research 973 Program of China (No.2005CB321804), National Natural Science Foundation under Grant No.90412011; the National High Technology Development 863 Program of China (No.2003AA115210; No.2004AA112020).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Neumann, B.C.: Proxy-Based Authorization and Accounting for Distributed Systems. In: Proceedings of the 13th International Conference on Distributed Computing Systems, Pittsburgh, PA (May 1993)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. In: IETF RFC 2693 (1998)
Yin, G., Wang, H., Shi, D., Gu, H.: Towards more Controllable and Practical Delegation. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 245–258. Springer, Heidelberg (2005)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of 17th Symposium on Security and Privacy, Oakland, pp. 164–173. IEEE, Los Alamitos (1996)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote trust-management system. In: version 2. IETF RFC 2704 (September 1999)
Becker, M.Y.: Cassandra: Flexible Trust Management, Applied to Electronic Health Records. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW 2004). (2004)
Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. In: ACM Transaction on Information and System Secu-rity (TISSEC) (February 2003)
Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management frame-work. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society Press, Los Alamitos (May 2002)
Kanellakis, P.C., Kuper, G.M., Revesz, P.Z.: Constraint query languages. Journal of Computer and System Sciences 51(1), 26–52 (1995)
Gavriloaie, R., Nejdl, W., Olmedilla, D., Seamons, K.E., Winslett, M.: No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web. In: Bussler, C.J., Davies, J., Fensel, D., Studer, R. (eds.) ESWS 2004. LNCS, vol. 3053, pp. 342–356. Springer, Heidelberg (2004)
Jim, T.: SD3: A Trust Management System With Certified Evaluation. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2001)
Varadharajan, V., Allen, P., Black, S.: An Analysis of the Proxy Problem in Distributed systems. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA (1991)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yin, G., Wang, Hm., Liu, T., Chen, Mf., Shi, Dx. (2005). Trust Management with Safe Privilege Propagation. In: Cao, J., Nejdl, W., Xu, M. (eds) Advanced Parallel Processing Technologies. APPT 2005. Lecture Notes in Computer Science, vol 3756. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573937_20
Download citation
DOI: https://doi.org/10.1007/11573937_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29639-3
Online ISBN: 978-3-540-32107-1
eBook Packages: Computer ScienceComputer Science (R0)