Reasoning About Delegation and Account Access in Retail Payment Systems

  • Shiu-Kai Chin
  • Susan Older
Part of the Communications in Computer and Information Science book series (CCIS, volume 1)


Delegation and trust are essential to the smooth operation of large, geographically distributed systems, such as the US electronic retail payment system. This system supports billions of electronic transactions— from routine banking and store purchases to electronic commerce on the Internet. Because such systems provide the electronic fabric of our networked information society, it is crucial to understand rigorously and precisely the basis for the delegation and trust relationships in them. In this paper, we use a modal logic for access control to analyze these relationships in the context of checks (and their electronic equivalents) as payment instruments. While not free from risk, the retail payment system effectively balances trust, delegation, and risk on billions of transactions. Our logic allows us to explore with rigor the details of trust, delegation, and risk in these transactions.


Access control delegation trust retail payment systems modal logic 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kosiyatrakul, T., Older, S., Humenn, P.R., Chin, S.K.: Implementing a calculus for distributed access control in higher order logic and hol. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 32–46. Springer, Heidelberg (2003)Google Scholar
  2. 2.
    Kosiyatrakul, T., Older, S., Chin, S.K.: A modal logic for role-based access control. In: Gorodetsky, V., Kotenko, I.V., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 179–193. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Lampson, B., Abadi, M. Burrows, M., Wobber, E.: Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)CrossRefGoogle Scholar
  4. 4.
    Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems 15(4), 706–734 (1993)CrossRefGoogle Scholar
  5. 5.
    National Automated Clearing House Association 13665 Dulles Technology Drive, Suite 300, Herndon, VA 20171: 2006 ACH Rules: A Complete Guide to Rules and Regulations Governing the ACH Network (2006)Google Scholar
  6. 6.
    108th Congress (Check 21 act) Public Law Number 108–100, 117 Stat (2003). Public Law 108–100 was the 100th law passed by the 108th Congress. It was published in vol. 117, p. 1177 (2003) of the United States Statutes at Large at available at
  7. 7.
    Federal Financial Institutions Examination Council: Retail Payment Systems: IT Examination Handbook (2004) Available under IT Booklets on the FFIEC IT Handbook InfoBase web page at
  8. 8.
    Federal Reserve System: The 2004 Federal Reserve Payments Study: Analysis of Noncash Payments Trends in the United States: 2000–2003 (2004) Available at
  9. 9.
    Saltzer, J., Schroeder, M.: The protection of information in computer systems. In: Proceedings of IEEE 1975, IEEE Computer Society Press, Los Alamitos (1975)Google Scholar
  10. 10.
    Chin, S.K., Older, S.: A rigorous approach to teaching access control. In: Proceedings of the First Annual Conference on Education in Information Security, ACM, New York (2006)Google Scholar
  11. 11.
    Older, S., Chin, S.K.: Using Outcomes-based Assessment as an Assurance Tool for Assurance Education. Journal of Information Warfare 2(3), 86–100 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Shiu-Kai Chin
    • 1
  • Susan Older
    • 1
  1. 1.EECS DepartmentSyracuse UniversitySyracuseUSA

Personalised recommendations