Trust Management with Safe Privilege Propagation

  • Gang Yin
  • Huai-min Wang
  • Tao Liu
  • Ming-feng Chen
  • Dian-xi Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3756)


Trust management uses delegation to enable decentralized authorization across administrative domains. Delegation passes one’s authority over resources to trusted entities and thus enables more flexible and scalable authorization. However, unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems do not provide effective control on delegation propagation, and the correctness of constraint enforcement mechanisms is not formally analyzed, which may lead to privilege proliferation. In this paper, we propose a role-based constrained delegation model (RCDM), which restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraint. This paper also introduces a rule-based language to specify the policies and the deduction algorithm for constrained delegation defined in RCDM. The soundness and completeness properties of the deduction algorithm ensure the safety and availability of our delegation model.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Gang Yin (1)
  • Huai-min Wang (1)
  • Tao Liu (2)
  • Ming-feng Chen (3)
  • Dian-xi Shi (1)

  1. School of Computer Science, National University of Defense Technology, China
  2. School of Electronic Science and Engineering, National University of Defense Technology, China
  3. China Xi’an Satellite Control Center
