Reasoning About Delegation and Account Access in Retail Payment Systems
Delegation and trust are essential to the smooth operation of large, geographically distributed systems, such as the US electronic retail payment system. This system supports billions of electronic transactions— from routine banking and store purchases to electronic commerce on the Internet. Because such systems provide the electronic fabric of our networked information society, it is crucial to understand rigorously and precisely the basis for the delegation and trust relationships in them. In this paper, we use a modal logic for access control to analyze these relationships in the context of checks (and their electronic equivalents) as payment instruments. While not free from risk, the retail payment system effectively balances trust, delegation, and risk on billions of transactions. Our logic allows us to explore with rigor the details of trust, delegation, and risk in these transactions.
KeywordsAccess control delegation trust retail payment systems modal logic
Unable to display preview. Download preview PDF.
- 1.Kosiyatrakul, T., Older, S., Humenn, P.R., Chin, S.K.: Implementing a calculus for distributed access control in higher order logic and hol. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 32–46. Springer, Heidelberg (2003)Google Scholar
- 2.Kosiyatrakul, T., Older, S., Chin, S.K.: A modal logic for role-based access control. In: Gorodetsky, V., Kotenko, I.V., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 179–193. Springer, Heidelberg (2005)Google Scholar
- 5.National Automated Clearing House Association 13665 Dulles Technology Drive, Suite 300, Herndon, VA 20171: 2006 ACH Rules: A Complete Guide to Rules and Regulations Governing the ACH Network (2006)Google Scholar
- 6.108th Congress (Check 21 act) Public Law Number 108–100, 117 Stat (2003). Public Law 108–100 was the 100th law passed by the 108th Congress. It was published in vol. 117, p. 1177 (2003) of the United States Statutes at Large at available at http://www.federalreserve.gov/paymentsystems/truncation/
- 7.Federal Financial Institutions Examination Council: Retail Payment Systems: IT Examination Handbook (2004) Available under IT Booklets on the FFIEC IT Handbook InfoBase web page at http://www.ffiec.gov/
- 8.Federal Reserve System: The 2004 Federal Reserve Payments Study: Analysis of Noncash Payments Trends in the United States: 2000–2003 (2004) Available at http://www.frbservices.org/Retail/pdf/2004PaymentResearchReport.pdf
- 9.Saltzer, J., Schroeder, M.: The protection of information in computer systems. In: Proceedings of IEEE 1975, IEEE Computer Society Press, Los Alamitos (1975)Google Scholar
- 10.Chin, S.K., Older, S.: A rigorous approach to teaching access control. In: Proceedings of the First Annual Conference on Education in Information Security, ACM, New York (2006)Google Scholar
- 11.Older, S., Chin, S.K.: Using Outcomes-based Assessment as an Assurance Tool for Assurance Education. Journal of Information Warfare 2(3), 86–100 (2003)Google Scholar