Compliance checking for usage-constrained credentials in trust negotiation systems

Jinwei Hu; Khaled M. Khan; Yun Bai; Yan Zhang

doi:10.1007/978-3-642-33383-5_18

Compliance checking for usage-constrained credentials in trust negotiation systems

Jinwei Hu, Khaled M. Khan, Yun Bai, Yan Zhang

School of Computer, Data & Mathematical Sciences

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.

Original language	English
Pages (from-to)	290-305
Number of pages	16
Journal	Lecture Notes in Computer Science
Volume	7483
DOIs	https://doi.org/10.1007/978-3-642-33383-5_18
Publication status	Published - 2012

Keywords

answer set programming
automata theory
compliance checking
data security
declarative logic
logic programming
model checking
nondeterministic finite automaton
programming paradigms
trust negotiations

Access to Document

10.1007/978-3-642-33383-5_18

Cite this

@article{3bb9d210ae404e55a7700eab45385a61,

title = "Compliance checking for usage-constrained credentials in trust negotiation systems",

abstract = "We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.",

keywords = "answer set programming, automata theory, compliance checking, data security, declarative logic, logic programming, model checking, nondeterministic finite automaton, programming paradigms, trust negotiations",

author = "Jinwei Hu and Khan, {Khaled M.} and Yun Bai and Yan Zhang",

year = "2012",

doi = "10.1007/978-3-642-33383-5_18",

language = "English",

volume = "7483",

pages = "290--305",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer",

}

TY - JOUR

T1 - Compliance checking for usage-constrained credentials in trust negotiation systems

AU - Hu, Jinwei

AU - Khan, Khaled M.

AU - Bai, Yun

AU - Zhang, Yan

PY - 2012

Y1 - 2012

N2 - We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.

AB - We propose an approach to placing usage-constraints on RT credentials; issuers specify constraints by designing non-deterministic finite automata. We show by examples that this approach can express constraints of practical interest. We present a compliance checker in the presence of usage-constraints, especially for trust negotiation systems. Given an RT policy, the checker is able to find all minimal satisfying sets, each of which uses credentials in a way consistent with given constraints. The checker leverages answer set programming, a declarative logic programming paradigm, to model and solve the problem. We also show preliminary experimental results: supporting usage-constraints on credentials incurs affordable overheads and the checker responds efficiently.

KW - answer set programming

KW - automata theory

KW - compliance checking

KW - data security

KW - declarative logic

KW - logic programming

KW - model checking

KW - nondeterministic finite automaton

KW - programming paradigms

KW - trust negotiations

UR - http://handle.uws.edu.au:8081/1959.7/520434

U2 - 10.1007/978-3-642-33383-5_18

DO - 10.1007/978-3-642-33383-5_18

M3 - Article

SN - 0302-9743

VL - 7483

SP - 290

EP - 305

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

ER -

Compliance checking for usage-constrained credentials in trust negotiation systems

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this