Modeling Trust Management and Security of Information

  • Anna Felkner
  • Tomasz Jordan Kruk


This paper is a survey of studies of modeling access control and trust management. Access control is an important requirement of information systems. Role Based Access Control (RBAC) is the most flexible type of access control policy. It is a model of access control in enterprise information systems. It uses a user role to control which users have access to given resources. Access rights are grouped by a role name, and access to resources is restricted to these users who are assigned to appropriate roles. Each user can be assigned to one or more roles, which itself can be associated with one or more privileges. Conventional access control models are suitable for regulating access to resources by recognized users. Unfortunately, these models have often been inadequate for decentralized and open systems where the identity of the users is not known and users are changing constantly. To overcome the shortcomings of conventional access control models, like RBAC, credential-based access control has been proposed. Credential-based systems implement a notion of binary trust. However, due to the monotonicity requirement, these models will be more appropriate for a theoretical analysis than for real use. Non monotonic Trust Management system for P2P applications is also described.


Access Control Trust Management Access Control Policy Access Control Model Role Base Access Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Blaze96]
    Blaze M., Feigenbaum J., Lacy J.: Decentralized Trust Management. In Proceedings of 17th IEEE Symposium on Security and Privacy, Oakland, 1996.Google Scholar
  2. [Blaze99]
    Blaze M., Feigenbaum J., Ioannidis J.: The KeyNote Trust Management System Version 2. Internet Society, Network Working Group. RFC 2704, 1999.Google Scholar
  3. [Chadwick03]
    Chadwick D., Otenko A., Ball E.: Role-Based Access Control with X.509 Attribute Certificates. IEEE Internet Computing 7(2): 62–69, March/April 2003.Google Scholar
  4. [Czenko05]
    Czenko M. R., Tran H. M., Doumen J. M., Etalle S., Hartel P. H., den Hartog J. I.: Nonmonotonic Trust Management for P2P Applications. In 1st Int. Workshop on Security and Trust Management (STM), September 2005.Google Scholar
  5. [Felkner06]
    Felkner A.: Model kontroli dostcepu opartej na rolach i jego rozszerzenia, Mlodzi Naukowcy Wobec Wyzwah Wspölczesnej Techniki, 2006.Google Scholar
  6. [Felkner06]
    Felkner A.: Applications of RBAC in new Internet technologies, Proc. of VIII International PhD Workshop OWD 2006, Conference Archives PTETiS, 2006.Google Scholar
  7. [FerraioloOl]
    Ferraiolo D., Sandhu R., Gavrila S., Kuhn D. R., Chandramoult R.: Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 224–274.Google Scholar
  8. [Li03]
    Li N., Mitchell J.: Datalog with Constraints: A Foundation for Trust-management Languages. In Pro-ceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, New Orleans, January 2003.Google Scholar
  9. [Li02]
    Li N., Mitchell J., Winsborough W.: Design of a Role-Based Trust-Management Framework. In Pro-ceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130, Oakland, California, May 2002.Google Scholar
  10. [Li03a]
    Li N., Mitchell J.: RT. A Role-based Trust Management Framework. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition, Washington D.C., April 2003.Google Scholar
  11. [Sandhu96]
    Sandhu R. S., Coyne E. J., Feinstein H. L., Youman C. E.: Role-Based Access Control Models, IEEE Computer, Volume 29, Nr 2, s. 38–47, 1996.Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Anna Felkner
    • 1
  • Tomasz Jordan Kruk
    • 1
  1. 1.Research and Academic Computer NetworkPoland

Personalised recommendations