Compliance checking for usage-constrained credentials in trust negotiation systems

Jinwei Hu, Khaled M. Khan, Yun Bai, Yan Zhang

    Research output: Contribution to journalArticlepeer-review

    2 Citations (Scopus)

    Abstract

    We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.
    Original languageEnglish
    Pages (from-to)290-305
    Number of pages16
    JournalLecture Notes in Computer Science
    Volume7483
    DOIs
    Publication statusPublished - 2012

    Keywords

    • answer set programming
    • automata theory
    • compliance checking
    • data security
    • declarative logic
    • logic programming
    • model checking
    • nondeterministic finite automaton
    • programming paradigms
    • trust negotiations

    Fingerprint

    Dive into the research topics of 'Compliance checking for usage-constrained credentials in trust negotiation systems'. Together they form a unique fingerprint.

    Cite this