Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Towards an efficient and language-agnostic compliance checker for trust negotiation systems

Lee, AJ and Winslett, M (2008) Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In: UNSPECIFIED UNSPECIFIED, 228 - 239. ISBN 9781595939791

[img] Plain Text (licence)
Available under License : See the attached license file.

Download (1kB)


To ensure that a trust negotiation succeeds whenever possible, authorization policy compliance checkers must be able to find all minimal sets of their owners' credentials that can be used to satisfy a given policy. If all of these sets can be found efficiently prior to choosing which set should be disclosed, many strategic benefits can also be realized. Unfortunately, solving this problem using existing compliance checkers is too inefficient to be useful in practice. Specifically, the overheads of finding all satisfying sets using existing approaches have been shown to rapidly grow exponentially in the size of the union of all satisfying sets of credentials for the policy, even after optimizations have been made to prune the search space for potential satisfying sets. In this paper, we describe the Clouseau compliance checker. Clouseau leverages efficient pattern-matching algorithms to find all satisfying sets of credentials for a given policy in time that grows as O(NA), where N is the number of satisfying sets for the policy and A is the average size of each satisfying set. We describe the design and implementation of the Clouseau compliance checker, evaluate its performance, and show that it vastly outperforms existing approaches to finding all satisfying sets of credentials. We then present a method for automatically compiling RT policies into a format suitable for analysis by Clouseau and prove its correctness and completeness. Copyright 2008 ACM.


Social Networking:
Share |


Item Type: Book Section
Status: Published
CreatorsEmailPitt UsernameORCID
Lee, AJadamlee@pitt.eduADAMLEE
Winslett, M
Date: 1 December 2008
Date Type: Publication
Journal or Publication Title: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08
Page Range: 228 - 239
Event Type: Conference
DOI or Unique Handle: 10.1145/1368310.1368343
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Refereed: Yes
ISBN: 9781595939791
Date Deposited: 05 Dec 2012 19:41
Last Modified: 02 Feb 2019 16:56


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item