William H. Winsborough scite author profile

We introduce a simple Role-based Trust-management language RT 0 and a set-theoretic semantics for it. We also introduce credential graphs as a searchable representation of credentials in RT 0 and prove that reachability in credential graphs is sound and complete with respect to the semantics of RT 0 . Based on credential graphs, we give goal-directed algorithms to do credential chain discovery in RT 0 , both when credential storage is centralized and when credential storage is distributed. A goal-directed algorithm begins with an access-control query and searches for credentials relevant to the query, while avoiding considering the potentially very large number of credentials that are unrelated to the access-control decision at hand. This approach provides better expected-case performance than bottom-up algorithms. We show how our algorithms can be applied to SDSI 2.0 (the "SDSI" part of SPKI/SDSI 2.0).Our goal-directed, distributed chain discovery algorithm finds and retrieves credentials as needed. We prove that the algorithm is correct by proving that the algorithm is sound and complete with respect to the credential graph composed of the credentials it retrieves, and that the algorithm retrieves all credentials that constitute a traversable chain. We further introduce a storage type system for RT 0 , which guarantees traversability of chains when credentials are well typed. This type system can also help improve search efficiency by guiding search in the right direction, making distributed chain discovery with large number of credentials feasible. * An extended abstract of a preliminary version of this paper appeared in

show abstract

Automated trust negotiation

Winsborough

View full text Add to dashboard Cite

Distributed software subjects face the problem of determining one another's trustworthiness. The problem considered is managing the exchange of sensitive credentials between strangers for the purpose of property-based authentication and authorization. An architecture for trust negotiation between client and server is presented. The notion of a trust negotiation strategy is introduced and examined with respect to an abstract model of trust negotiation. Two strategies with very different properties are defined and rigorously analyzed. A language of credential expressions is presented, with two example negotiations illustrating the two negotiation strategies. Ongoing work on policies governing credential disclosure and trust negotiation is summarized. A prototype trust negotiation system has been constructed and is discussed.

show abstract

Beyond proof-of-compliance: security analysis in trust management

Mitchell

Winsborough

2005

J. ACM

138

146

View full text Add to dashboard Cite

Trust management is a form of distributed access control that allows one principal to delegate some access decisions to other principals. While the use of delegation greatly enhances flexibility and scalability, it may also reduce the control that a principal has over the resources it owns. Security analysis asks whether safety, availability, and other properties can be maintained while delegating to partially trusted principals. We show that in contrast to the undecidability of classical Harrison-RuzzoUllman safety properties, our primary security properties are decidable. In particular, most security properties we study are decidable in polynomial time. The computational complexity of containment analysis, the most complicated security property we study, varies according to the expressive power of the trust management language.A preliminary version of this article appeared in

show abstract

Towards practical automated trust negotiation

Winsborough¹,

156

127

View full text Add to dashboard Cite

Distributed credential chain discovery in trust management*

Winsborough²,

Mitchell

2003

JCS

217

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.