GEM: A distributed goal evaluation algorithm for trust management

Daniel Trivellato, Nicola Zannone, Sandro Etalle

    Research output: Contribution to journalArticleAcademicpeer-review

    13 Citations (Scopus)
    68 Downloads (Pure)

    Abstract

    Trust management is an approach to access control in distributed systems where access decisions are based on policy statements issued by multiple principals and stored in a distributed manner. In trust management, the policy statements of a principal can refer to other principals' statements; thus, the process of evaluating an access request (i.e., a goal) consists of finding a “chain‿ of policy statements that allows the access to the requested resource. Most existing goal evaluation algorithms for trust management either rely on a centralized evaluation strategy, which consists of collecting all the relevant policy statements in a single location (and therefore they do not guarantee the confidentiality of intensional policies), or do not detect the termination of the computation (i.e., when all the answers of a goal are computed). In this paper, we present GEM, a distributed goal evaluation algorithm for trust management systems that relies on function-free logic programming for the specification of policy statements. GEM detects termination in a completely distributed way without disclosing intensional policies, thereby preserving their confidentiality. We demonstrate that the algorithm terminates and is sound and complete with respect to the standard semantics for logic programs.
    Original languageUndefined
    Pages (from-to)293-337
    Number of pages45
    JournalTheory and practice of logic programming
    Volume14
    Issue number3
    DOIs
    Publication statusPublished - May 2014

    Keywords

    • SCS-Cybersecurity
    • distributed goal evaluation
    • EWI-25141
    • IR-92124
    • policy confidentiality
    • METIS-306059
    • Trust Management

    Cite this