Analysis of Trust Management Policies

As critical systems and services migrate to the distributed environment of the Internet, the conventional centralized security models are proving to be insufficient. Trust management is a decentralized framework for managing security decisions in which a large number of distributed participants need to share their resources in a secure and controlled manner. A number of real-world applications rely upon sound trust management policies. These include health care systems, electronic commerce, supply chain management, and dynamic updates in the Domain Name System (DNS). Our research addresses the problem of trust management to support distributed access control among multiple entities. In other words, how do we ensure that trust management policies indeed permit data access only to legitimate users while ensuring protection against unauthorized use? Our current research has focused on the problem of analyzing Role-Based Access Control policies (RBAC). The policy changes are guided by Administrative RBAC (ARBAC) policies. We have developed algorithms and comprehensive complexity results for reachability and related analysis problems for several categories of ARBAC policies. Our future research will extend these results to analyze trust management policies in large-scale distributed environments where participants may reside across independent administrative domains.

Project Members

Publications