Using trust and risk in role-based access control policies Export

@inproceedings{citeulike:942673, abstract = {Emerging trust and risk management systems provide a framework for principals to determine whether they will exchange resources, without requiring a complete definition of their credentials and intentions. Most distributed access control architectures have far more rigid policy rules, yet in many respects aim to solve a similar problem. This paper elucidates the similarities between trust management and distributed access control systems by demonstrating how the OASIS access control system and its r\&\#244;le-based policy language can be extended to make decisions on the basis of trust and risk analyses rather than on the basis of credentials alone. We apply our new model to the prototypical example of a file storage and publication service for the Grid, and test it using our Prolog-based OASIS implementation.}, address = {New York, NY, USA}, author = {Dimmock, Nathan and Belokosztolszki, Andr\'{a}s and Eyers, David and Bacon, Jean and Moody, Ken}, booktitle = {SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies}, citeulike-article-id = {942673}, citeulike-linkout-0 = {http://portal.acm.org/citation.cfm?id=990062}, citeulike-linkout-1 = {http://dx.doi.org/10.1145/990036.990062}, doi = {10.1145/990036.990062}, isbn = {1-58113-872-5}, keywords = {access, control, risk, security, trust}, location = {Yorktown Heights, New York, USA}, pages = {156--162}, posted-at = {2006-11-14 08:49:10}, priority = {2}, publisher = {ACM}, title = {Using trust and risk in role-based access control policies}, url = {http://dx.doi.org/10.1145/990036.990062}, year = {2004} }

TY - CONF ID - citeulike:942673 L3 - citeulike-article-id:942673 N2 - Emerging trust and risk management systems provide a framework for principals to determine whether they will exchange resources, without requiring a complete definition of their credentials and intentions. Most distributed access control architectures have far more rigid policy rules, yet in many respects aim to solve a similar problem. This paper elucidates the similarities between trust management and distributed access control systems by demonstrating how the OASIS access control system and its rôle-based policy language can be extended to make decisions on the basis of trust and risk analyses rather than on the basis of credentials alone. We apply our new model to the prototypical example of a file storage and publication service for the Grid, and test it using our Prolog-based OASIS implementation. CY - Yorktown Heights, New York, USA SN - 1-58113-872-5 AD - New York, NY, USA EP - 162 TI - Using trust and risk in role-based access control policies PB - ACM T2 - SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies SP - 156 KW - access KW - control KW - risk KW - security KW - trust AU - Dimmock, Nathan AU - Belokosztolszki, András AU - Eyers, David AU - Bacon, Jean AU - Moody, Ken PY - 2004/// UR - http://dx.doi.org/10.1145/990036.990062 ER -