We use cookies to ensure that we give you the best experience on our website. By continuing to browse this repository, you give consent for essential cookies to be used. You can read more about our Privacy and Cookie Policy.

Durham e-Theses
You are in:

Distributed access control and the prototype of the Mojoy trust policy language

Huang, Chenxi (2004) Distributed access control and the prototype of the Mojoy trust policy language. Masters thesis, Durham University.



In a highly distributed computing environment, people frequently move from one place to another where the new system has no previous knowledge of them at all. Traditional access control mechanisms such as access matrix and RBAC depend heavily on central management. However, the identities and privileges of the users are stored and administered in different locations in distributed systems. How to establish trust between these strange entities remains a challenge. Many efforts have been made to solve this problem. In the previous work, the decentralised administration of trust is achieved through delegation which is a very rigid mechanism. The limitation of delegation is that the identities of the delegators and delegatees must be known in advance and the privileges must be definite. In this thesis, we present a new model for decentralised administration of trust: trust empowerment. In trust empowerment, trust is defined as a set of properties. Properties can be owned and/or controlled. Owners of the properties can perform the privileges denoted by the properties. Controllers of the properties can grant the properties to other subjects but cannot gain the privileges of the properties. Each subject has its own policy to define trust empowerment. We design the Mojoy tmst policy language that supports trust empowerment. We give the syntax, semantics and an XML implementation of the language. The Mojoy trust policy language is based on XACML, which is an OASIS standard. We develop a compliance checker for the language. The responsibility of the compliance checker is to examine the certificates and policy, and return a Boolean value to indicate whether the user's request is allowed. We apply our new model, the language and the compliance checker to a case study to show that they are capable of coping with the trust issues met in the distributed systems.

Item Type:Thesis (Masters)
Award:Master of Science
Thesis Date:2004
Copyright:Copyright of this thesis is held by the author
Deposited On:09 Sep 2011 10:00

Social bookmarking: del.icio.usConnoteaBibSonomyCiteULikeFacebookTwitter