Core TuLiP
We propose CoreTuLiP - the core of a trust management language based on Logic Programming. CoreTuLiP is based on a subset of moded logic programming, but enjoys the features of TM languages such as RT; in particular clauses are issued by different authorities and stored in a distributed manner. We present a lookup and inference algorithm which we prove to be correct and complete w.r.t. the declarative semantics. CoreTuLiP enjoys uniform syntax and the well-established semantics and is expressive enough to model scenarios which are hard to deal with in RT.
TuLip : reshaping trust management
In today's highly distributed and heterogeneous world of the Internet, sharing resources has become an everyday activity of every Internet user. We buy and sell goods over the Internet, share our holiday pictures using facebook™, “tube” our home videos on You Tube™, and exchange our interests and thoughts on blogs. We podcast, we are Linkedin™ to extend our professional network, we share files over P2P networks, and we seek advice on numerous on-line discussion groups. Although in most cases we want to reach the largest possible group of users, often we realise that some data should remain private or, at least, restricted to a carefully chosen audience. Access control is no longer the domain of computer security experts, but something we experience everyday.
In a typical access control scenario, the resource provider has full control over the protected resource. The resource provider decides who can access which resource and what action can be performed on this resource. The set of entities that can access a protected resource can be statically defined and is known a priori to the resource provider. Although still valid in many cases, such a scenario is too restrictive today. The resource owner is not only required, but often wants to reach the widest possible group of users, many of which remain anonymous to the resource provider. A more flexible approach to access control is needed.
Trust Management is a recent approach to access control in which the access control decision is based on security credentials. In a credential, the credential issuer states attributes (roles, properties) of the credential subject. For the credentials to have the same meaning across all the users, the credentials are written in a trust management language. A special algorithm, called a compliance checker, is then used to evaluate if the given set of credentials is compliant with the requested action on the requested protected resource. Finally, an important characteristic of trust management is that every entity may issue credentials.
In the original approach to trust management, the credentials are stored at a well-known location, so that the compliance checker knows where to search for the credentials. Another approach is to let the users store the credentials. Storing the credentials in a distributed way eliminates the single point of failure introduced by the centralised credential repository, but now the compliance checker must know where to find the credentials. Another difficulty of the distributed approach is that the design of a correct credential discovery algorithm comes at the cost of limiting the expressive power of the trust management language.
In this thesis we show that it is possible to build a generic, open-ended trust management system enjoying both a powerful syntax and supporting distributed credential storage. More specifically, we show how to build a trust management system that has:
• a formal yet expressive trust management language for specifying credentials,
• a compliance checker for determining if a given authorisation request can be granted given the set of credentials,
• support for distributed credential storage.
We call our trust management system TuLiP (Trust management based on Logic Programming). In the thesis we also indicate how to deploy TuLiP in a distributed content management system (we use pictures as the content in our implementation). Using the same approach, TuLiP can improve existing P2P content sharing services by providing a personalised, scalable, and password-free access control method to the users. By decentralising the architecture, systems like facebook™ or You Tube™ could also benefit from TuLiP. By providing easy to use and scalable access control method, TuLiP can encourage sharing of private and copyrighted content under a uniform and familiar user interface. Also Internet stores, often deployed as a centralised system, can benefit from using the credential based trust management. Here, TuLiP can facilitate the business models in which the recommended clients and the clients of friendly businesses participate in customised customer rewarding programs (like receiving attractive discounts). By naturally supporting co-operation of autonomous entities using distributed credentials, we believe that TuLiP could make validation of business relationships easier, which, in turn, could stimulate creation of new business models.
Core TuLiP - Logic Programming for Trust Management
We propose CoreTuLiP - the core of a trust management language based on Logic Programming. CoreTuLiP is based on a subset of moded logic programming, but enjoys the features of TM languages such as RT; in particular clauses are issued by different authorities and stored in a distributed manner. We present a lookup and inference algorithm which we prove to be correct and complete w.r.t. the declarative semantics. CoreTuLiP enjoys uniform syntax and the well-established semantics and is expressive enough to model scenarios which are hard to deal with in RT.
Trust Management in P2P Systems Using Standard TuLiP
In this paper we introduce Standard TuLiP - a new logic based Trust Management system. In Standard TuLiP, security decisions are based on security credentials, which can be issued by different entities and stored at different locations. Standard TuLiP directly supports the distributed credential storage by providing a sound and complete Lookup and Inference AlgoRithm (LIAR). In this paper we focus on (a) the language of Standard TuLiP and (b) on the practical considerations which arise when deploying the system. These include credential encoding, system architecture, system components and their functionality, and also the usability issues.
Trust in Virtual Communities
The objective of our research in the context of the BSIK Freeband project I-SHARE is to provide a sophisticated trust management framework for virtual communities.