Abstract
We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.
Original language | English |
---|---|
Pages (from-to) | 290-305 |
Number of pages | 16 |
Journal | Lecture Notes in Computer Science |
Volume | 7483 |
Publication status | Published - 2012 |
Keywords
- answer set programming
- automata theory
- compliance checking
- data security
- declarative logic
- logic programming
- model checking
- nondeterministic finite automaton
- programming paradigms
- trust negotiations