
Datalog with Constraints: A Foundation for Trust Management Languages

  • Conference paper
Practical Aspects of Declarative Languages (PADL 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2562)


Abstract

Trust management (TM) is a promising approach for authorization and access control in distributed systems, based on signed distributed policy statements expressed in a policy language. Although several TM languages are semantically equivalent to subsets of Datalog, Datalog is not sufficiently expressive for fine-grained control of structured resources. We define the class of linearly decomposable unary constraint domains, prove that Datalog extended with constraints in any combination of such constraint domains is tractable, and show that permissions associated with structured resources fall into this class. We also present a concrete declarative TM language, $RT_1^C$, based on constraint Datalog, and use constraint Datalog to analyze another TM system, KeyNote, which turns out to be less expressive than $RT_1^C$ in significant respects, yet less tractable in the worst case. Although constraint Datalog has been studied in the context of constraint databases, TM applications involve different kinds of constraint domains and have different computational complexity requirements.




© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, N., Mitchell, J.C. (2003). Datalog with Constraints: A Foundation for Trust Management Languages. In: Dahl, V., Wadler, P. (eds) Practical Aspects of Declarative Languages. PADL 2003. Lecture Notes in Computer Science, vol 2562. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36388-2_6


  • DOI: https://doi.org/10.1007/3-540-36388-2_6


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00389-2

  • Online ISBN: 978-3-540-36388-0

  • eBook Packages: Springer Book Archive
