Modeling Trust Management and Security of Information
This paper is a survey of studies of modeling access control and trust management. Access control is an important requirement of information systems. Role Based Access Control (RBAC) is the most flexible type of access control policy. It is a model of access control in enterprise information systems. It uses a user role to control which users have access to given resources. Access rights are grouped by a role name, and access to resources is restricted to these users who are assigned to appropriate roles. Each user can be assigned to one or more roles, which itself can be associated with one or more privileges. Conventional access control models are suitable for regulating access to resources by recognized users. Unfortunately, these models have often been inadequate for decentralized and open systems where the identity of the users is not known and users are changing constantly. To overcome the shortcomings of conventional access control models, like RBAC, credential-based access control has been proposed. Credential-based systems implement a notion of binary trust. However, due to the monotonicity requirement, these models will be more appropriate for a theoretical analysis than for real use. Non monotonic Trust Management system for P2P applications is also described.
KeywordsAccess Control Trust Management Access Control Policy Access Control Model Role Base Access Control
Unable to display preview. Download preview PDF.
- [Blaze96]Blaze M., Feigenbaum J., Lacy J.: Decentralized Trust Management. In Proceedings of 17th IEEE Symposium on Security and Privacy, Oakland, 1996.Google Scholar
- [Blaze99]Blaze M., Feigenbaum J., Ioannidis J.: The KeyNote Trust Management System Version 2. Internet Society, Network Working Group. RFC 2704, 1999.Google Scholar
- [Chadwick03]Chadwick D., Otenko A., Ball E.: Role-Based Access Control with X.509 Attribute Certificates. IEEE Internet Computing 7(2): 62–69, March/April 2003.Google Scholar
- [Czenko05]Czenko M. R., Tran H. M., Doumen J. M., Etalle S., Hartel P. H., den Hartog J. I.: Nonmonotonic Trust Management for P2P Applications. In 1st Int. Workshop on Security and Trust Management (STM), September 2005.Google Scholar
- [Felkner06]Felkner A.: Model kontroli dostcepu opartej na rolach i jego rozszerzenia, Mlodzi Naukowcy Wobec Wyzwah Wspölczesnej Techniki, 2006.Google Scholar
- [Felkner06]Felkner A.: Applications of RBAC in new Internet technologies, Proc. of VIII International PhD Workshop OWD 2006, Conference Archives PTETiS, 2006.Google Scholar
- [FerraioloOl]Ferraiolo D., Sandhu R., Gavrila S., Kuhn D. R., Chandramoult R.: Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 224–274.Google Scholar
- [Li03]Li N., Mitchell J.: Datalog with Constraints: A Foundation for Trust-management Languages. In Pro-ceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, New Orleans, January 2003.Google Scholar
- [Li02]Li N., Mitchell J., Winsborough W.: Design of a Role-Based Trust-Management Framework. In Pro-ceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130, Oakland, California, May 2002.Google Scholar
- [Li03a]Li N., Mitchell J.: RT. A Role-based Trust Management Framework. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition, Washington D.C., April 2003.Google Scholar
- [Sandhu96]Sandhu R. S., Coyne E. J., Feinstein H. L., Youman C. E.: Role-Based Access Control Models, IEEE Computer, Volume 29, Nr 2, s. 38–47, 1996.Google Scholar