Abstract
Trust Management (TM) aims to provide effective access control in open systems. It enables resource owners to reason about and determine access permissions on the basis of a collection of distributed authorization knowledge about the requester. However, to be efficient, most current TM approaches are based on DATALOG, which cannot directly express the connotation of TM authorization policies. These policies are therefore hard for humans to understand and maintain. In this paper, we propose a new approach called OT, based on the ontology language OWL 2 EL. OT supports connotation-expressible policies and remains efficient, since its compliance-checking procedure is provably tractable.
This paper is supported by grants from the 863 High-tech Research and Development Program of China (2007AA1204040 and 2007AA1204050).
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, Y., Zhai, Z., Feng, D. (2009). Bring Efficient Connotation Expressible Policies to Trust Management. In: Qing, S., Mitchell, C.J., Wang, G. (eds) Information and Communications Security. ICICS 2009. Lecture Notes in Computer Science, vol 5927. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11145-7_31
DOI: https://doi.org/10.1007/978-3-642-11145-7_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11144-0
Online ISBN: 978-3-642-11145-7
eBook Packages: Computer Science, Computer Science (R0)