Selective Disclosure in Datalog-Based Trust Management

  • Nik Sultana
  • Moritz Y. Becker
  • Markulf Kohlweiss
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8203)


Credential-based and policy-based access control, also called trust management, is an elegant solution for access control in open decentralised systems. Existing solutions support very expressive policy languages, but suffer from usability and privacy issues. We present a light extension of Datalog-based trust management that supports both legacy authentication mechanisms and anonymous credentials. We motivate our design decisions and demonstrate the effectiveness of our language through a prototype implementation.


Policy Language Trust Management Access Request Credential Requirement Trust Negotiation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lampson, B.W.: Protection. Operating Systems Review 8(1), 18–24 (1974)CrossRefGoogle Scholar
  2. 2.
    Miller, M., Yee, K.P., Shapiro, J., Inc, C.: Capability Myths Demolished. Technical report, Johns Hopkins University Systems Research Laboratory (2003)Google Scholar
  3. 3.
    Lee, A.J., Winslett, M., Basney, J., Welch, V.: The Traust Authorization Service. ACM Trans. Inf. Syst. Secur. 11(1) (2008)Google Scholar
  4. 4.
    Blaze, M., Feigenbaum, J., Keromytis, A.D.: The Role of Trust Management in Distributed Systems Security. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 185–210. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Psaila, G., Samarati, P.: Integrating trust management and access control in data-intensive Web applications. TWEB 6(2), 6 (2012)CrossRefGoogle Scholar
  6. 6.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates. MIT Press (2000)Google Scholar
  7. 7.
    Chaum, D.: Security Without Identification: Transaction Systems to Make Big Brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  8. 8.
    Camenisch, J.L., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Bellovin, S.M., Merritt, M.: Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM Conference on Computer and Communications Security, pp. 244–250. ACM (1993)Google Scholar
  10. 10.
    Camenisch, J., Casati, N., Gross, T., Shoup, V.: Credential Authenticated Identification and Key Exchange. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 255–276. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages. IACR Cryptology ePrint Archive 2012, 284 (2012)Google Scholar
  12. 12.
    Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project. Journal of Computer Security 18(1), 123–160 (2010)Google Scholar
  13. 13.
    PrimeLife Project (2012), (accessed in December 2012)
  14. 14.
    Li, J., Li, N., Winsborough, W.: Automated trust negotiation using cryptographic credentials. In: Proceedings of the 12th ACM conference on Computer and Communications Security, pp. 46–57. ACM (2005)Google Scholar
  15. 15.
    Camenisch, J., Mödersheim, S., Neven, G., Preiss, F.S., Sommer, D.: A card requirements language enabling privacy-preserving access control. In: Joshi, J.B.D., Carminati, B. (eds.) SACMAT, pp. 119–128. ACM (2010)Google Scholar
  16. 16.
    Frikken, K.B., Li, J., Atallah, M.J.: Trust Negotiation with Hidden Credentials, Hidden Policies, and Policy Cycles. In: NDSS. The Internet Society (2006)Google Scholar
  17. 17.
    Peirce, C.S.: Abduction and Induction. In: Buchler, J. (ed.) Philosophical Writings of Peirce. Dover Publications, Oxford (1955)Google Scholar
  18. 18.
    Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable Proofs and Delegatable Anonymous Credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java card. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 600–610. ACM (2009)Google Scholar
  20. 20.
    Schnorr, C.: Efficient Signature Generation for Smart Cards. Journal of Cryptology 4(3), 239–252 (1991)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  22. 22.
    Camenisch, J.L., Lysyanskaya, A.: A Signature Scheme with Efficient Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Camenisch, J., Krenn, S., Shoup, V.: A Framework for Practical Universally Composable Zero-Knowledge Protocols. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 449–467. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-Preserving Signatures and Commitments to Group Elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Robinson, J.: A machine-oriented logic based on the resolution principle. Journal of the ACM (JACM) 12(1), 23–41 (1965)CrossRefzbMATHGoogle Scholar
  26. 26.
    Ceri, S., Gottlob, G., Tanca, L.: What You Always Wanted to Know About Datalog (And Never Dared to Ask). IEEE Transactions on Knowledge and Data Engineering 1(1), 146–166 (1989)CrossRefGoogle Scholar
  27. 27.
    Li, N., Mitchell, J.C.: DATALOG with Constraints: A Foundation for Trust Management Languages. In: Dahl, V. (ed.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  28. 28.
    Becker, M.Y., Nanz, S.: The role of abduction in declarative authorization policies. In: Hudak, P., Warren, D.S. (eds.) PADL 2008. LNCS, vol. 4902, pp. 84–99. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Camenisch, J., Kiayias, A., Yung, M.: On the Portability of Generalized Schnorr Proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425–442. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Groth, J., Sahai, A.: Efficient Non-interactive Proof Systems for Bilinear Groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  31. 31.
    Kissner, L., Song, D.: Privacy-Preserving Set Operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Camenisch, J.L., Damgård, I.B.: Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  33. 33.
    Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and Languages for Privacy-Preserving Attribute-Based Authentication. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 34–52. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  34. 34.
    Ardagna, C.A., di Vimercati, S.D.C., Foresti, S., Paraboschi, S., Samarati, P.: Minimising disclosure of client information in credential-based interactions. IJIPSI 1(2/3), 205–233 (2012)CrossRefGoogle Scholar
  35. 35.
    Lee, A.J., Winslett, M.: Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 228–239. ACM (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Nik Sultana
    • 1
  • Moritz Y. Becker
    • 2
  • Markulf Kohlweiss
    • 2
  1. 1.Cambridge UniversityUK
  2. 2.Microsoft ResearchCambridgeUK

Personalised recommendations