A method for access authorisation through delegation networks
Source ACM International Conference Proceeding Series; Vol. 167 archive
Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54 table of contents
Hobart, Tasmania, Australia
Pages: 165 - 174  
Year of Publication: 2006
ISBN ~ ISSN: 1445-1336, 1-920-68236-8
Authors
Audun Jøsang  School of Software Engineering and Data Communications, QUT, Brisbane, Australia
Dieter Gollmann  Distributed Systems Security Group, Hamburg University of Technology, Germany
Richard Au  School of Software Engineering and Data Communications, QUT, Brisbane, Australia
Publisher
Australian Computer Society, Inc., Darlinghurst, Australia
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 53,   Citation Count: 1

ABSTRACT

Owners of systems and resources usually want to control who can access them. This must be based on having a process for authorising certain parties, combined with mechanisms for enforcing that only authorised parties are actually able to access those systems and resources. In distributed systems, the authorisation process can include negative authorisation (e.g. black listing), and delegation of authorisation rights, which potentially can lead to conflicts. This paper describes a method for giving authorisations through a delegation network, and where each delegation and authorisation is expressed in the form of a belief measure. An entity's total authorisation for a given resource object and access type can be derived by analysing the delegation network using subjective logic. Access decisions are made by comparing the derived authorisation measure with required threshold levels, which makes authorisations non-categorical. By setting the threshold level higher than the assigned measure of a single authorisation, it is possible to require multiple authorisations for accessing specific resources. The model is simple, intuitive and algebraic.

