Credential revocation in the RT Framework
Wojciech Pikulski, Krzysztof Sacha
w[dot]pikulski[at]elka[dot]pw[dot]edu[dot]pl, k[dot]sacha[at]ia[dot]pw[dot]edu[dot]pl
04 February 2014
Abstract: The paper focuses on nonmonotonicity in trust management models, which provide access control mechanisms for distributed systems. The work explains what decentralised systems are, defines the notion of security model nonmonotonicity, presents its types, and points out the factors that cause a trust management model to become nonmonotonic. The result of this analysis is a model for credential revocation in the RT Framework trust management model. When a security model allows for credential revocation, it becomes nonmonotonic. The presented model makes it temporally monotonic. It allows policy authors to define constraints for roles, and applies those values to credentials. When a credential does not comply with the defined requirements, it is disregarded. The model is evaluated against a sample scenario, which demonstrates how it can be applied to real-life use cases.

Keywords: Software security, trust management, credential revocation, RT Framework, nonmonotonicity, credential chain, credential graph, freshness constraints, freshness graph

Area: Electronics and Information Technologies


