
An Introduction to the Role Based Trust Management Framework RT

  • Marcin Czenko
  • Sandro Etalle
  • Dongyi Li
  • William H. Winsborough
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4677)

Abstract

Trust Management (TM) is a novel flexible approach to access control in distributed systems, where the access control decisions are based on the policy statements, called credentials, made by different principals and stored in a distributed manner. In this chapter we present an introduction to TM focusing on the role-based trust-management framework RT. In particular, we focus on RT\(_\textrm{0}\), the simplest representative of the RT family, and we describe in detail its syntax and semantics. We also present the solutions to the problem of credential discovery in distributed environments.

Keywords

Access Control; IEEE Computer Society; Trust Management; Reputation System; Semantic Program
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Marcin Czenko (1)
  • Sandro Etalle (1, 2)
  • Dongyi Li (3)
  • William H. Winsborough (3)
  1. Department of Computer Science, University of Twente, The Netherlands
  2. University of Trento, Italy
  3. Department of Computer Science, University of Texas, San Antonio, USA
