Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Advanced Parallel Processing Technologies

APPT 2005: Advanced Parallel Processing Technologies pp 174–183Cite as

Trust Management with Safe Privilege Propagation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3756))

Abstract

Trust management uses delegation to enable decentralized authorization across administrative domains. Delegation passes one’s authority over resources to trusted entities and thus enables more flexible and scalable authorization. However, unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems do not provide effective control on delegation propagation, and the correctness of constraint enforcement mechanisms is not formally analyzed, which may lead to privilege proliferation. In this paper, we propose a role-based constrained delegation model (RCDM), which restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraint. This paper also introduces a rule-based language to specify the policies and the deduction algorithm for constrained delegation defined in RCDM. The soundness and completeness properties of the deduction algorithm ensure the safety and availability of our delegation model.

This work is supported by Grand Fundamental Research 973 Program of China (No.2005CB321804), National Natural Science Foundation under Grant No.90412011; the National High Technology Development 863 Program of China (No.2003AA115210; No.2004AA112020).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Neumann, B.C.: Proxy-Based Authorization and Accounting for Distributed Systems. In: Proceedings of the 13th International Conference on Distributed Computing Systems, Pittsburgh, PA (May 1993)

    Google Scholar 

  2. Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. In: IETF RFC 2693 (1998)

    Google Scholar 

  3. Yin, G., Wang, H., Shi, D., Gu, H.: Towards more Controllable and Practical Delegation. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 245–258. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of 17th Symposium on Security and Privacy, Oakland, pp. 164–173. IEEE, Los Alamitos (1996)

    Google Scholar 

  5. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote trust-management system. In: version 2. IETF RFC 2704 (September 1999)

    Google Scholar 

  6. Becker, M.Y.: Cassandra: Flexible Trust Management, Applied to Electronic Health Records. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW 2004). (2004)

    Google Scholar 

  7. Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. In: ACM Transaction on Information and System Secu-rity (TISSEC) (February 2003)

    Google Scholar 

  8. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management frame-work. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society Press, Los Alamitos (May 2002)

    Google Scholar 

  9. Kanellakis, P.C., Kuper, G.M., Revesz, P.Z.: Constraint query languages. Journal of Computer and System Sciences 51(1), 26–52 (1995)

    Article  MathSciNet  Google Scholar 

  10. Gavriloaie, R., Nejdl, W., Olmedilla, D., Seamons, K.E., Winslett, M.: No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web. In: Bussler, C.J., Davies, J., Fensel, D., Studer, R. (eds.) ESWS 2004. LNCS, vol. 3053, pp. 342–356. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  11. Jim, T.: SD3: A Trust Management System With Certified Evaluation. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2001)

    Google Scholar 

  12. Varadharajan, V., Allen, P., Black, S.: An Analysis of the Proxy Problem in Distributed systems. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA (1991)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, National University of Defense Technology, China

    Gang Yin, Huai-min Wang & Dian-xi Shi

  2. School of Electronic Science and Engineering, National University of Defense Technology, China

    Tao Liu

  3. China Xi’an Satellite Control Center,  

    Ming-feng Chen

Authors
  1. Gang Yin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Huai-min Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ming-feng Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dian-xi Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Hong Kong Polytechnic University, Kowloon, Hong Kong, China

    Jiannong Cao

  2. L3S Research Center, Leibniz Universität Hannover, Appelstrasse 9a, 30167, Hannover, Germany

    Wolfgang Nejdl

  3. Department of Network Engineering, School of Computer Science, National University of Defense Technology, 410073, Changsha, China

    Ming Xu

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yin, G., Wang, Hm., Liu, T., Chen, Mf., Shi, Dx. (2005). Trust Management with Safe Privilege Propagation. In: Cao, J., Nejdl, W., Xu, M. (eds) Advanced Parallel Processing Technologies. APPT 2005. Lecture Notes in Computer Science, vol 3756. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573937_20

Download citation

  • DOI: https://doi.org/10.1007/11573937_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29639-3

  • Online ISBN: 978-3-540-32107-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation