A Formalization of Distributed Authorization with Delegation

  • Conference paper
Information Security and Privacy (ACISP 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3574)

Abstract

Trust management is a promising approach to authorization in distributed environments. There are two key issues for a trust management system: how to design a high-level policy language and how to solve the compliance-checking problem [3,4]. We adopt this approach to deal with distributed authorization with delegation. In this paper, we propose an authorization language \({\cal AL}\), a human-understandable high-level language for specifying various authorization policies. We define the semantics of \({\cal AL}\) through Answer Set Programming. Language \({\cal AL}\) has rich expressive power: it can not only specify delegation and threshold structures addressed in previous approaches, but also represent structured resources and privileges, positive and negative authorizations, separation of duty, incomplete information reasoning, and partial authorization and delegation. We also demonstrate the application of language \({\cal AL}\) through an authorization scenario.

References

  1. Baral, C.: Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge University Press, Cambridge (2003)

  2. Bertino, E., Buccafurri, F., Ferrari, E., Rullo, P.: A Logical Framework for Reasoning on Data Access Control Policies. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW-12), pp. 175–189. IEEE Computer Society Press, Los Alamitos (1999)

  3. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the Symposium on Security and Privacy, pp. 164–173. IEEE Computer Society Press, Los Alamitos (1996)

  4. Blaze, M., Feigenbaum, J., Strauss, M.: Compliance-checking in the PolicyMaker trust management system. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 254–274. Springer, Heidelberg (1998)

  5. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The Role of Trust Management in Distributed Systems. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 185–210. Springer, Heidelberg (1999)

  6. Jajodia, S., Samarati, P., Subrahmanian, V.S.: Flexible Support for Multiple Access Control Policies. ACM Transactions on Database Systems 26(2), 214–260 (2001)

  7. Li, N., Feigenbaum, J., Grosof, B.N.: A logic-based knowledge representation for authorization with delegation (extended abstract). In: Proceedings of the IEEE Computer Security Foundations Workshop (CSFW-12), June, pp. 162–174. IEEE Computer Society Press, Los Alamitos

  8. Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. Journal of Computer Security 11(1), 35–86 (2003)

  9. Li, N., Grosof, B.N., Feigenbaum, J.: Delegation Logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security (TISSEC) (February 2003)

  10. Syrjänen, T.: Lparse 1.0 User’s Manual, http://www.tcs.hut.fi/Software/smodels

  11. Wang, S., Zhang, Y.: Handling Distributed Authorization with Delegation through Answer Set Programming (2005) (manuscript)

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, S., Zhang, Y. (2005). A Formalization of Distributed Authorization with Delegation. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_26

  • DOI: https://doi.org/10.1007/11506157_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26547-4

  • Online ISBN: 978-3-540-31684-8

  • eBook Packages: Computer Science, Computer Science (R0)
