Risk management for distributed authorization
نویسندگان
چکیده
Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements, for example some actors may be less trusted than others. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic based on the system RT that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization, and authorization risk thresholds to be precisely specified and enforced. We also develop an algorithm for automatic authorization in a distributed environment, that is directed by risk considerations. A variety of practical applications are discussed.
منابع مشابه
A User-Centered, Modular Authorization Service Built on an RBAC Foundation
Psychological acceptability has been mentioned as a requirement for secure systems for as long as least privilege and fail safe defaults, but until now has been all but ignored in the actual design of secure systems. We place this principle at the center of our design for Adage, an authorization service for distributed applications. We employ usability design techniques to specify and test the ...
متن کاملCertificate Based Authorization Simulation System
Using certificates for distributed authorizations in computer network systems has been discussed in the literature. However real implementations of the concept are rarely seen. In our certificate based authorization simulation system (CBASS) project, we prototyped a computer system including some of the emulated functions of an operating system such as machine, user and file management, and emu...
متن کاملReducing the Dependence of Trust-Management Systems on PKI
Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm to determine when a specific request can be granted. For authorization in distributed systems, trustmanagement systems offer several advantages over other approaches, such as support for delegation a...
متن کاملCustomizing Distributed Proofs of Authorization
When identity-based authorization becomes difficult due to the scalability requirements and highly dynamic nature of open distributed systems, digitally certifiable attributes can be an effective basis for specifying authorization policies. Before an authorization decision is made in such a system, a client needs to collect a set of credentials to prove that it satisfies the authorization polic...
متن کاملTask-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management
In this paper, we develop a new paradigm for access control and authorization management, called task-based authorization controls (TBAC). TBAC models access controls from a task-oriented perspective than the traditional subject-object one. Access mediation now involves authorizations at various points during the completion of tasks in accordance with some application logic. By taking a taskori...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Journal of Computer Security
دوره 15 شماره
صفحات -
تاریخ انتشار 2007