N. Li, B.N. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In Proc. of the IEEE Symposium on Security and Privacy, pages 27-42, Oakland, CA, 2000.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....The system included support for credential chains, credential combinations, and a compliance checker that determined all minimal sets of credentials satisfying a policy. The development of role based trust management languages RT 0 and RT 1 is in progress [11] a follow on to Delegation Logic [12]. RT 0 supports credential graphs and an approach to the credential chain discovery problem that allows credentials to be stored with subjects or issuers, and for credential gathering to take place in a top down or bottom up fashion. We will explore the RT languages suitability for trust ....

N. Li, B. N. Grosof, and J. Feigenbaum, "A Practically Implementable and Tractable Delegation Logic," IEEE Symposium on Security and Privacy, Oakland, May 2000.

....security requirements [3] Finally, it is hard to localize authorization with static ACLs. In order to solve above problems, researchers have developed techniques, namely authorization certification (AC) 4] trust management system [1] and logical programming and knowledge representation [6] for describing certificate delegation among applications. Our prototype extends these techniques by writing general authorization policies in certificates in a form of rules or facts and deploying the certificates to the resource owners and requesters to implement distributed discretionary access ....

....with the declarative semantics of the language and turned into a logical program. Compliance checking is conducted by executing the program with the procedural semantics of the language. Access control can be achieved for each request, which becomes a query, through compliance checking process [1, 6]. 3.1 Layer model The CBASS is a system built with Java and Prolog upon the Unix environment. Figure 2. Layer model of CBASS Certificate subject Is . Can do . issuer signature Unix environment CBASS environment CBASS applications Legacy In the Figure 2, the system consists of ....

N. Li, B. Grosof, and J. Feigenbaum, "A Practically Implement able and Tractable Delegation Logic", In Proc. of the 21st IEEE Symposium on Security and Privacy, Oakland CA, May 2000, Available at: http://cs1.cs.nyu.edu/ninghui/

....two approaches to applying logic programming when writing policies. One approach is to develop an authorization specific language which is a subset superset of general logic program. There is a lot of work on this track. For instances, Li et al. have specified a logical language for delegation [16]; Jajodia designed a general language for access control policies [14] Woo and Lam have proposed a superset propositional language to describe authorization policies [27] Grosof and labrou have designed a priority language to handle policies with conflicts [Gro97] One advantage of this approach ....

N. Li, B. Grosof, and J. Feigenbaum, "A Practically Implement able and Tractable Delegation Logic", In Proc. of the 21st IEEE Symposium on Security and Privacy, Oakland CA, May 2000, Available at: http://cs1.cs.nyu.edu/ninghui/

....the domain. This language, though a step in the right direction, is complicated because it consists of a large set of interdependent rules that the user has to fully understand in order to use. ASL does not provide explicit protocols for delegation or address delegation of obligations. Li et al. [11, 12] define a language and protocol for delegation based access control, which tends to focus on authorization based on properties of entities. It specifies a language for authorization in open systems, which allows policies, credentials and requests to be represented uniformly. This logic language ....

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable delegation logic. In In Proceedings of IEEE Symp. on Security and Privacy, held Oakland, CA, USA, May 2000.

....6.4 Idemix, Trust Management and AttributeBased Access Control Decentralized trust management, a term introduced by Blaze, Feigenbaum and Lacy [4] deals with access control and authorization in distributed environments. Di#erent trust management systems and languages have been proposed, e.g. [3, 21, 20, 19, 23, 22, 15]; a credential or certificate modeled by those systems binds a public key to attributes and or authorizations. Access control and trust establishment policies controlled by resource owners allow authorization decisions based on these attributes and authorizations, or on derived role assignments. ....

N. Li, B. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In "Proceedings of the 2000.

....a difficult problem of knowing what information sources (e.g. documents, web pages, agents) to believe and trust in an open, distributed and dynamic world, and how to integrate and fuse potentially contradictory information. DAML can be used to support distributed trust and reputation management [16, 19, 20]. This will form the basis of a logic for distributed belief transfer that will enable more sophisticated, semantically driven rule based techniques for information integration and fusion. We are making use of DAML s expressiveness and employing it to describe security policies, credentials and ....

Ninghui Li and BBenjamin Grosof. A practically implementable and tractable delegation logic. IEEE Symposium on Security and Privacy, May 2000.

....face a difficult problem of knowing what information sources (e.g. documents, web pages, agents) to believe and or trust in an open, distributed and dynamic world, and how to integrate potentially contradictory information. DAML can be used to support distributed trust and reputation management [13, 15], by forming the basis of a logic for distributed belief transfer that will enable more sophisticated, semanticallydriven rule based techniques for information integration and fusion. We are making use of DAML s expressiveness by employing it to describe security policies, credentials and trust ....

Ninghui Li and BBenjamin Grosof. A practically implementable and tractable delegation logic. IEEE Symposium on Security and Privacy, May 2000.

....required for emerging dynamic multi agent systems that consists of an extremely large number of agents that are spread over a large geographic area [11] like the agentcities project 1 . Hence we argue that it no longer makes sense to divide authorization into authentication and access control [16, 14]. We propose a security framework for multi agent systems which is based on distributed trust management. Distributed trust management involves proving that an agent has the ability to access some This work was supported by NSF Awards IIS 9875433 and CCR 0070802, and the Defense Advanced Research ....

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A Practically Implementable and Tractable Delegation Logic. In Proceedings of IEEE Symp. on Security and Privacy, held Oakland, CA, USA, May 2000.

....distributed. We introduce a type system for credential storage that guarantees well typed, distributed credential chains can be discovered. 1. INTRODUCTION Several trust management systems have been proposed in recent years, e.g. SPKI SDSI [10] PolicyMaker [3, 4] KeyNote [2] Delegation Logic [15]. These systems are based on the notion of delegation, whereby one entity gives some of its authority to other entities. The process of making access control decisions involves finding a delegation chain from the source of authority to the requester. Thus, a central problem in trust management is ....

....# # # # # # # # # # # # # # # Readers familiar with Simple Distributed Security Infrastructure (SDSI) 8, 10] may notice the similarity between RT0 and SDSI s name certificates. Indeed, our design is heavily influenced by existing trust management systems, especially SDSI and Delegation Logic (DL) [15]. RT0 can be viewed as an extension to SDSI 2.0 or a syntactically sugared version of a subset of DL. The arrows in RT0 credentials are the reverse direction of those in SPKI SDSI. We choose to use this direction to be consistent with an underlying logic programming reading of credentials and with ....

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A Practically Implementable and Tractable Delegation Logic. In Proceedings of the

....48, December 2000. SY2000 [34] Detlef Schoder and Pai Ling Yin. Building firm trust online. Communications of the ACM, 43(12) 73 79, December 2000. 7 SHN2000 [35] Ben Shneiderman. Designing trust into online experiences. Communications of the ACM, 43(12) 57 59, December 2000. Ske1998 [36] P.J. Skevington. From security to trust creating confidence to trade electronically. In Proceedings of the IEE Colloquium eCommerce Trading but not as we know it , pages 6 1 6, 3 Nov. 1998. TF1999 [37] S. Tseng and B. J. Fogg. Credibility and Computing Technology. Communications of the ACM, ....

Ninghui Li, Benjamin Grosof, and Joan Feigenbaum. A Practically Implementable and Tractable Delegation Logic. In Proceedings of the

....a difficult problem of knowing what information sources (e.g. documents, web pages, agents) to believe and trust in an open, distributed and dynamic world, and how to integrate and fuse potentially contradictory information. DAML can be used to support distributed trust and reputation management [25, 31, 32]. This will form the basis of a logic for distributed belief transfer that will enable more sophisticated, semantically driven rule based techniques for information integration and fusion. We are making use of DAML s expressiveness and employing it to describe security policies, credentials and ....

Ninghui Li and BBenjamin Grosof. A practically implementable and tractable delegation logic. IEEE Symposium on Security and Privacy, May 2000.

....know the requester better; normally, the authorizer trusts these third parties only for certain things and only to certain degrees. This trust and delegation aspect makes distributed authorization different from traditional access control. The goal of a growing body of work on trust manage1 ment [9, 11, 12, 13, 20, 24, 25, 49, 50] is to find a more expressive and distributed approach to authorization in these scenarios. In the trust management view of distributed authorization, a requester submits a request, possibly supported by a set of credentials issued by other parties, to an au thorizer, who controls the ....

....code (e.g. Java applets [3] and ActiveX controls [17] content advising [64] privacy protection [75, 76] remote resource sharing, etc. Authorization in these applications is significantly different from traditional authorization. The goal of a growing body of work on trust management [9, 11, 12, 13, 20, 24, 25, 49, 50] is to find a more expressive and distributed approach to authorization in these scenarios. In the rest of this chapter, we first give some background information on authentication and access control, then motivate and describe the trust management approach. See [57] for a comprehensive ....

[Article contains additional citation context not shown here]

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum, "A Practically Implementable and Tractable Delegation Logic," in Proceedings of the 2000.

....can specify what attributes are required to access a resource and other conditions of access, such as time or auditing requirements. There are good reasons to prefer TM languages that are declarative and have a formal foundation. Several TM languages are based on Datalog, e.g. Delegation Logic [14, 13], the RT (Role based Trust management) framework [15, 16] SD3 (Secure Dynamically Distributed Datalog) 10] and Binder [6] However, Datalog has limitations as a foundation of TM languages. One significant limitation is the inability to describe structured resources. For example, a project ....

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable Delegation Logic. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, pages 27--42. IEEE Computer Society Press, May 2000. 15

No context found.

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable Delegation Logic. In Proceedings of the 2000.

No context found.

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable Delegation Logic. In Proceedings of the 2000.

....and Communications Security (CCS 8) pages 156 165, ACM Press, November 2001. 1 Introduction Several trust management (TM) systems have been proposed in recent years to address authorization in decentralized environments, e.g. SPKI SDSI [6, 8] PolicyMaker [3, 4] KeyNote [2] Delegation Logic [14, 16]. These systems are based on the notion of delegation, whereby one entity gives some of its authority to other entities. The process of making access control decisions involves finding a chain of credentials that delegates the authority from the source to the requester. Thus, a central problem in ....

....meanings than simply binding names to public keys. A TM credential chain is often a graph, rather than a linear path. In this paper, we address the credential chain discovery problem (the discovery problem for short) in TM systems. Almost all existing work addressing the discovery problem ([2, 4, 6, 14, 16]) assumes that one has already gathered all the potentially relevant credentials in one place and does not consider how to gather these credentials. The assumption that all credentials are stored in one place is at odds with the tenet of trust management. Since trust management is for ....

[Article contains additional citation context not shown here]

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable Delegation Logic. In Proceedings of the 2000.

....[11] one cannot express inference of attributes or attribute based delegation. SDSI 1.0 or even SPKI SDSI 2.0 do not support attribute fields. Neither TPL [15] nor the language in [4] supports delegation of authority over arbitrary attributes. Although one can use Delegation Logic (DL) [17, 19] to express all of the above, it is not very convenient. Through a basic attribute credential, a designated issuer should be able to express the judgement that a subject has a certain attribute. A basic certificate in DL has only an issuer and a statement. Although one can encode the subject and ....

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A practically implementable and tractable delegation logic. In Proceedings of the 2000.

....is to appear in ACM Conference on Computer and Communication Security (CCS 01) November 5 8, 2001, Philadelphia, Pennsylvania, USA. 1 1 Introduction Several trust management systems have been proposed in recent years, e.g. SPKI SDSI [10] PolicyMaker [3, 4] KeyNote [2] Delegation Logic [16]. These systems are based on the notion of delegation, whereby one entity gives some of its authority to other entities. The process of making access control decisions involves finding a delegation chain from the source of authority to the requester. Thus, a central problem in trust management is ....

....# # # # # # # Readers familiar with Simple Distributed Security Infrastructure (SDSI) 8, 10] may notice the similarity between RT 0 and SDSI s name certificates. Indeed, our design is heavily influenced by existing trust management systems, especially SDSI and Delegation Logic (DL) [16]. RT 0 can be viewed as an extension to SDSI 2.0 or a syntactically sugared version of a subset of DL. The arrows in RT 0 credentials are the reverse direction of those in SPKI SDSI. We choose to use this direction to be consistent with an underlying logic programming reading of credentials and ....

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum. A Practically Implementable and Tractable Delegation Logic. In Proceedings of the

No context found.

N. Li, B.N. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In Proc. of the IEEE Symposium on Security and Privacy, pages 27-42, Oakland, CA, 2000.

No context found.

N. Li, B. N. Grosof, and J. Feigenbaum, "A Practically Implementable and Tractable Delegation Logic," IEEE Symposium on Security and Privacy, Oakland, May 2000.

No context found.

Li, N., Grosof, B., and Feigenbaum, J. 2000. A Practically Implementable and Tractable Delegation Logic. In IEEE Symposium on Security and Privacy.Berkeley, California.

No context found.

N. Li, B. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In Proceedings of the 2000.

No context found.

N. Li, B. N. Grosof, and J. Feigenbaum. A Practically Implementable and Tractable Delegation Logic. In Proceedings of IEEE Symp. on Security and Privacy, held Oakland, CA, USA, May 2000.

No context found.

Ninghui Li, Benjamin Grosof, and Joan Feigenbaum. A practically implementable and tractable delegation logic. In IEEE Conference on Security and Privacy. IEEE Press, 2000. 3

No context found.

Ninghui Li, Benjamin N. Grosof, and Joan Feigenbaum "A Practically Implementable and Tractable Delegation Logic", In: Proc. of IEEE Symp. on Security and Privacy, held Oakland, CA, USA, May 2000.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC