Towards a credential-based implementation of compound access control policies

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn 9, Issue , 2004, Pages 31-40

  Biskup, Joachim ^a   Wortmann, Sandra ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

Author keywords

Access control; Certificate chain discovery; Credential; Policy algebra; Public key infrastructure; SPKI SDSI

Indexed keywords

ALGORITHMS; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; INFORMATION ANALYSIS; INTEROPERABILITY; NETWORK PROTOCOLS; PUBLIC POLICY; QUERY LANGUAGES; SOFTWARE PROTOTYPING; USER INTERFACES;

ACCESS CONTROL; CERTIFICATE CHAIN DISCOVERY; CREDENTIAL; POLICY ALGEBRA; PUBLIC KEY INFRASTRUCTURE; SPKI/SDSI;

SECURITY OF DATA;

EID: 4143055831     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/990036.990042     Document Type: Conference Paper

References (20)

1. M. Abadi. On SDSI's linked local name spaces. Journal of Computer Security, 6(1-2):3-21, 1998.
2. E. Bertino, S. Jajodia, and P. Samarati. A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems (TISSEC), 17(2): 101-140, April 1999.
3. J. Biskup and Y. Karabulut. A hybrid pki model: Application to secure mediation. In Research Directions in Data and Application Security, 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security, pages 271-282. Kluwer Academic Publishers, Boston, 2003.
4. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The role of trust management in distributed systems security. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, volume 1603 of Lecture Notes in Computer Science, pages 183-210. Springer Verlag, Berlin, July 1999.
5. M. Blaze, J. Feigenbaum, J. Ioannidis, and J. Lacy. Decentralized trust managment. In Proceedings of 1996 IEEE Symposium on Security and Privacy, Oakland, CA, pages 164-173. IEEE Computer Society Press, May 1996.
6. P. Bonatti, S. Capitani di Vimercati, and P. Samarati. An algebra for composing access control policies. ACM Transactions on Information and System Security (TISSEC), 5(1):1-35, February 2002.
7. S. Brands. Rethinking Public Key Infrastructures and Digital Certificates, MIT Press, Cambridge-London, 2000.
8. D. Chaum. Security without identification: transaction systems to make big brother obsolete. In Communications of the ACM 28, volume 10, pages 1030-1044. ACM Press, 1985.
9. D. Clarke, J.-E. Elien, C. M. Ellison, M. Fredette, A. Morcos, and R. L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 9:285-322, 2001.
10. C. M. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. M. Thomas, and T. Ylonen. Simple public key certificate, http://world.std.com/cme/html/spki.html, July 1999.
11. C. M. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. M. Thomas, and T. Ylonen. SPKI certificate theory. Internet RFC 2693, September 1999.
12. J. Halpern and R. van der Meyden. A logic for SDSI's linked local name spaces. Journal of Computer Security, 9(1-2):47-74, 2001.
13. S. Jajodia, P. Samarati, V. S. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. ACM SIGMOD Record, 26(2):474-485, June 1997.
14. N. Li and J. C. Mitchell. Understanding SPKI/SDSI using first-order logic. In Proceedings of the 16th. IEEE Computer Security Foundations Workshop, pages 89-108. CSFW 2003, Pacific Grove, California, USA, IEEE Computer Society Press, June 2003.
15. R. L. Rivest and B. Lampson. SDSI - a simple distributed security infrastructure. http://theory.lcs.mit.edu/cis/sdsi.html, April 1996.
16. P. Samarati and S. Capitani di Vimercati. Access control: policies, models, and mechanisms. In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design (FOSAD), volume 2171 of Lecture Notes in Computer Science, pages 137-196. FOSAD 2000, Bertinoro, Italy, Springer Verlag, Berlin, October 2001.
17. F. Siede, A. Cau, and H. Zedan. A compositional framework for access control policies enforcement. In Proceedings of the ACM Workshop on Formal Methods in Security Engineering, pages 32-42. FMSE 2003, Washington, DC, USA, ACM Press, October 2003.
18. A. S. Tanenbaum and M. Steen. Distributed Systems: Principles and Paradigms. Prentice Hall, Upper Saddle River, NJ, September 2002.
19. T. Y. C. Woo and S. S. Lam. Authorizations in distributed systems: A new approach. Journal of Computer Security, 2:107-136, 1993.
20. T. Yu, M. Winslett, and K. E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security (TISSEC), 6(1):1-42, February 2003.