  Design of a role-based trust management framework (2002) [135 citations — 22 self]

by Ninghui Li, John C. Mitchell, William H. Winsborough
In Proceedings of the 2002 IEEE Symposium on Security and Privacy
http://theory.stanford.edu/people/jcm/papers/rt_ieeesp02.ps

Abstract:

We introduce the RT framework, a family of Role-based Trust-management languages for representing policies and credentials in distributed authorization. RT combines the strengths of role-based access control and trust-management systems and is especially suitable for attribute-based access control. Using a few simple credential forms, RT provides localized authority over roles, delegation in role definition, linked roles, and parameterized roles. RT also introduces manifold roles, which can be used to express threshold and separation-of-duty policies, and delegation of role activations. We formally define the semantics of credentials in the RT framework by presenting a translation from credentials to Datalog rules. This translation also shows that this semantics is algorithmically tractable.
