Credential revocation in the RT Framework

• Autorzy: Pikulski W. , Sacha K.
• Języki publikacji: EN

Abstrakty

EN

The paper is focused on nonmonotonicity in trust management models which provide access control mechanisms for distributed systems. The work explains what decentralised systems are, defines a notion of security model nonmonotonicity, presents its types and points out factors that causes trust management model to become nonmonotonic. A result of this analysis is a model for credential revocation in the RT Framework trust management model. When security model allows for credential revocation, it becomes nonmonotonic. Presented model allows to turn it to be temporally monotonic. It allows policy authors to define constraints for roles, and applies those values to credentials. When credential does not comply to defined requirements, it is disregarded. A model is evaluated against sample scenario, which demonstrates how it can be applied to real-life use cases.

Słowa kluczowe

EN

Software security; trust management; credential revocation; RT Framework; nonmonotonicity; credential chain; credential graph; freshness constraints; freshness graph

• Wydawca: Foundation for Young Scientists
• Czasopismo: Challenges of Modern Technology
• Rocznik: 2013
• Tom: Vol. 4, no. 3
• Strony: 16--22
• Opis fizyczny: Bibliogr. 9 poz., tab., rys.

Twórcy

autor

Pikulski W.

• Institute of Control and Computation Engineering, Warsaw University of Technology, Warsaw, Poland

autor

Sacha K.

• Institute of Control and Computation Engineering, Warsaw University of Technology, Warsaw, Poland

Bibliografia

• [1] Blaze, M., Feigenbaum J., Ioannidis J., and Angelos D. Ke - romytis. The KeyNote trust-management system, version 2. IETF RFC 2704, September 1999.
• [2] Blaze, M., Feigenbaum, J., Strauss, M.: Compliance Checking in the PolicyMaker Trust Management System. In: 2nd International Conference on Financial Cryptography, pp. 254-274,1998
• [3] Li, N., Mitchell, J., Winsborough, W.: Design of a Role-Based Trust-Management Framework. In: IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 114-130,2002
• [4] Changyu D, Naranker D,Shinren: Non-monotonic Trust Management for Distributed Systems; Proc. IFIP Advances in Information and Communication Technology, 2010
• [5] Czenko, M., Ha T., Jeroen D., Sandro E., Pieter H., Jerry d.H., Nonmonotonic Trust Management for P2P Applications, Electronic Notes in Theoretical Computer Science (ENTCS) archive, Volume 157 Issue 3, May, Pages 113-130, 2006
• [6] SkalkaC, Wang XS, Chapin PC, Risk management for distributed authorization, Journal of Computer Security, 15, 447-489, 2007
• [7] Pikulski W, Sacha K, Freshnessconstraints in the RT Framework, Proceedings of the 8th International Conference on Dependability and Complex Systems DepCoS-RELCOMEX, September 9-13, Brunów, Poland, 2013
• [8] Czenko, M., Etalle, S., Li, D., Winsborough, W.: An Introduction to the Role Based Trust Management Framework RT. LNCS vol. 4677, pp. 246—281, Springer, Heidelberg,2007
• [9] Li, N., Feigenbaum, J. Syverson, P. F. (Ed.) Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation Financial Cryptography, Springer, 2001, 2339, 157-168