Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Towards More Controllable and Practical Delegation

  • Conference paper
Computer Network Security (MMM-ACNS 2005)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3685))

  • 856 Accesses

Abstract

Delegation is essential to the flexibility and scalability of trust management systems. But unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems can not avoid privilege transition, and being lack of effective constraints on delegation propagation, which may easily lead to privilege proliferation. In this paper, we propose a generalized constrained delegation model (GCDM), which uses typed privileges to control potential privilege transition, and restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraints. This paper also designs a rule-based trust management language named REAL05 to express the policies and semantics for GCDM. REAL05 supports flexible delegation policies while can control the potential privilege proliferation in subsequent delegations. Comprehensive samples and simulation results show that our approach is more controllable and practical.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Neumann, B.C.: Proxy-Based Authorization and Accounting for Distributed Systems. In: Proceedings of the 13th International Conference on Distributed Computing Systems, Pittsburgh, PA (May 1993)

    Google Scholar 

  2. Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)

    Article  Google Scholar 

  3. Firozabadi, B.S., Sergot, M., Bandmann, O.: Using Authority Certificates to Create Management Structures. In: Proceeding of Security Protocols, 9th International Workshop, Cambridge, April 2001. Springer, Heidelberg (2001) (in press)

    Google Scholar 

  4. Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. IETF RFC 2693 (1998)

    Google Scholar 

  5. Intelligent Systems Laboratory, Swedish Institute of Computer Science, SICStus Prolog User’s Manual, Release 3.11.1 (February 2004)

    Google Scholar 

  6. Sollins, K.R.: Cascaded Authentication. In: Proceedings of the 1988 IEEE Symposium on Research in Security and Privacy, pp. 156–163 (April 1988)

    Google Scholar 

  7. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of 17th Symposium on Security and Privacy, Oakland, pp. 164–173. IEEE, Los Alamitos (1996)

    Google Scholar 

  8. Blaze, M., Feigenbaum, J., loannidis, J., Keromytis, A.D.: The KeyNote trust management system, version 2. IETF RFC 2704 (September 1999)

    Google Scholar 

  9. Schroeder, M.D., Saltzer, J.H.: The protection of information in computer systems. IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  10. Becker, M.Y., Sewell, P.: Cassandra: Flexible Trust Management. In: Applied to Electronic Health Records Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW 2004) (2004)

    Google Scholar 

  11. Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM Transaction on Information and System Security (TISSEC) (2003)

    Google Scholar 

  12. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society Press, Los Alamitos (2002)

    Google Scholar 

  13. Li, N., Mitchell, J.C.: Datalog with constraints: A foundation for trust management languages. In: Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, pp. 58–73 (2003)

    Google Scholar 

  14. Bandmann, O., Damy, M., Firozabadi, B.S.: Constrained Delegation. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P 2002) (2002)

    Google Scholar 

  15. Kanellakis, P.C., Kuper, G.M., Revesz, P.Z.: Constraint query languages. Journal of Computer and System Sciences 51(1), 26–52 (1995)

    Article  MathSciNet  Google Scholar 

  16. Star middleware site, http://www.starmiddleware.net

  17. Varadharajan, V., Allen, P., Black, S.: An Analysis of the Proxy Problem in Distributed systems. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA (1991)

    Google Scholar 

  18. Gang, Y., Meng, T., Huai-min, W., et al.: An Authorization Framework Based on Constrained Delegation. In: Cao, J., Yang, L.T., Guo, M., Lau, F. (eds.) ISPA 2004. LNCS, vol. 3358, pp. 845–857. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, National University of Defense Technology, Changsha, China

    Gang Yin, Huaimin Wang & Dianxi Shi

  2. Agricultural Bank of China, Hunan Branch, China

    Haiya Gu

Authors
  1. Gang Yin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Huaimin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dianxi Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Haiya Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Intitute for Informaticsand Automation, 39, 14-th Liniya, 199178, St. Petersburg, Russia

    Vladimir Gorodetsky

  2. Computer Security Research Group, St. Petersburg Institute for Informatics and Automation, 39, 14 Liniya, 199178, St.-Petersburg, Russia

    Igor Kotenko

  3. US Air Force, Binghamton University (SUNYI), 13902, Binghamton, NY, USA

    Victor Skormin

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yin, G., Wang, H., Shi, D., Gu, H. (2005). Towards More Controllable and Practical Delegation. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_19

Download citation

  • DOI: https://doi.org/10.1007/11560326_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29113-8

  • Online ISBN: 978-3-540-31998-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation