13 research outputs found
Nonmonotonic Trust Management for P2P Applications
Community decisions about access control in virtual communities are
non-monotonic in nature. This means that they cannot be expressed in current,
monotonic trust management languages such as the family of Role Based Trust
Management languages (RT). To solve this problem we propose RT-, which adds a
restricted form of negation to the standard RT language, thus admitting a
controlled form of non-monotonicity. The semantics of RT- is discussed and
presented in terms of the well-founded semantics for Logic Programs. Finally we
discuss how chain discovery can be accomplished for RT-.Comment: This paper appears in the proceedings of the 1st International
Workshop on Security and Trust Management (STM 2005). To appear in ENTC
Shinren : Non-monotonic trust management for distributed systems
The open and dynamic nature of modern distributed systems and pervasive environments presents signiļ¬cant challenges to security management. One solution may be trust management which utilises the notion of trust in order to specify and interpret security policies and make decisions on security-related actions. Most trust management systems assume monotonicity where additional information can only result in the increasing of trust. The monotonic assumption oversimpliļ¬es the real world by not considering negative information, thus it cannot handle many real world scenarios. In this paper we present Shinren, a novel non-monotonic trust management system based on bilattice theory and the anyworld assumption. Shinren takes into account negative information and supports reasoning with incomplete information, uncertainty and inconsistency. Information from multiple sources such as credentials, recommendations, reputation and local knowledge can be used and combined in order to establish trust. Shinren also supports prioritisation which is important in decision making and resolving modality conļ¬icts that are caused by non-monotonicity
Core TuLiP
We propose CoreTuLiP - the core of a trust management language based on Logic Programming. CoreTuLiP is based on a subset of moded logic programming, but enjoys the features of TM languages such as RT; in particular clauses are issued by different authorities and stored in a distributed manner. We present a lookup and inference algorithm which we prove to be correct and complete w.r.t. the declarative semantics. CoreTuLiP enjoys uniform syntax and the well-established semantics and is expressive enough to model scenarios which are hard to deal with in RT
Two Semantics of Trust Management Language with Negation, Journal of Telecommunications and Information Technology, 2013, nr 4
The family of Role-based Trust management languages is used for representing security policies by defining a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main topic of this paper is RTā, a language which provides a carefully controlled form of non-monotonicity. The core part of the paper defines two different semantics of RTā language ā a relational, set-theoretic semantics for the language, and an inference system, which is a kind of operational semantics. The set-theoretic semantics maps roles to a set of entity names. In the operational semantics credentials can be derived from an initial set of credentials using a set of inference rules. The soundness and the completeness of the inference system with respect to the set-theoretic semantics of RTā will be proven
Two Extensions of Trust Management Languages, Journal of Telecommunications and Information Technology, 2020, nr 1
This article is focused on the family of role-based trust management languages (RT). Trust management languages are a useful method of representing security credentials and policies in large distributed access control mechanisms. They provide sets of credentials that are assigned to individual roles performed by the speciļ¬c entities. These credentials provide relevant information about security policies issued by trusted authorities and deļ¬ne user permissions. RT languages describe the individual entities and the roles that these entities play in a given environment. A set of credentials representing a given security policy deļ¬nes which entity has the necessary rights to access a speciļ¬c resource and which entity does not have such rights. This study presents the results of research focusing on the potential of the family of RT languages. Its purpose is to show how security policies may be applied more widely by applying an inference system, and then using the extensions of the credentials, by taking into account time-related information or the conditions imposed with regard to the validity of such credentials. Each of these extensions can be used jointly or separately, oļ¬ering even a wider range of opportunitie
GEM: a Distributed Goal Evaluation Algorithm for Trust Management
Trust management is an approach to access control in distributed systems
where access decisions are based on policy statements issued by multiple
principals and stored in a distributed manner. In trust management, the policy
statements of a principal can refer to other principals' statements; thus, the
process of evaluating an access request (i.e., a goal) consists of finding a
"chain" of policy statements that allows the access to the requested resource.
Most existing goal evaluation algorithms for trust management either rely on a
centralized evaluation strategy, which consists of collecting all the relevant
policy statements in a single location (and therefore they do not guarantee the
confidentiality of intensional policies), or do not detect the termination of
the computation (i.e., when all the answers of a goal are computed). In this
paper we present GEM, a distributed goal evaluation algorithm for trust
management systems that relies on function-free logic programming for the
specification of policy statements. GEM detects termination in a completely
distributed way without disclosing intensional policies, thereby preserving
their confidentiality. We demonstrate that the algorithm terminates and is
sound and complete with respect to the standard semantics for logic programs.Comment: To appear in Theory and Practice of Logic Programming (TPLP
GEM: a Distributed Goal Evaluation Algorithm for Trust Management
ABSTRACT Trust Management (TM) is an approach to distributed access control where access decisions are based on policy statements issued by multiple principals and stored in a distributed manner. Most of the existing goal evaluation algorithms for TM either rely on a centralized evaluation strategy, which consists of collecting all the relevant policy statements in a single location (and therefore they do not guarantee the confidentiality of intensional policies), or do not detect the termination of the computation (i.e., when all the answers of a goal are computed). In this paper we present GEM, a distributed goal evaluation algorithm for TM systems. GEM detects termination in a completely distributed way without the need of disclosing intensional policies, thereby preserving their confidentiality. We demonstrate that the algorithm terminates and is sound and complete w.r.t. the standard semantics for logic programs
Interim research assessment 2003-2005 - Computer Science
This report primarily serves as a source of information for the 2007 Interim Research Assessment Committee for Computer Science at the three technical universities in the Netherlands. The report also provides information for others interested in our research activities