Subterfuge-safe trust management for delegation of permissions in open environments

dc.check.embargoformatNot applicableen
dc.check.infoNo embargo requireden
dc.check.opt-outNot applicableen
dc.check.reasonNo embargo requireden
dc.check.typeNo Embargo Required
dc.contributor.advisorHerbert, Johnen
dc.contributor.authorAbdi, Samane
dc.contributor.funderScience Foundation Irelanden
dc.date.accessioned2015-11-25T12:07:02Z
dc.date.available2015-11-25T12:07:02Z
dc.date.issued2015
dc.date.submitted2015
dc.description.abstractOpen environments involve distributed entities interacting with each other in an open manner. Many distributed entities are unknown to each other but need to collaborate and share resources in a secure fashion. Usually resource owners alone decide who is trusted to access their resources. Since resource owners in open environments do not have a complete picture of all trusted entities, trust management frameworks are used to ensure that only authorized entities will access requested resources. Every trust management system has limitations, and the limitations can be exploited by malicious entities. One vulnerability is due to the lack of globally unique interpretation for permission specifications. This limitation means that a malicious entity which receives a permission in one domain may misuse the permission in another domain via some deceptive but apparently authorized route; this malicious behaviour is called subterfuge. This thesis develops a secure approach, Subterfuge Safe Trust Management (SSTM), that prevents subterfuge by malicious entities. SSTM employs the Subterfuge Safe Authorization Language (SSAL) which uses the idea of a local permission with a globally unique interpretation (localPermission) to resolve the misinterpretation of permissions. We model and implement SSAL with an ontology-based approach, SSALO, which provides a generic representation for knowledge related to the SSAL-based security policy. SSALO enables integration of heterogeneous security policies which is useful for secure cooperation among principals in open environments where each principal may have a different security policy with different implementation. The other advantage of an ontology-based approach is the Open World Assumption, whereby reasoning over an existing security policy is easily extended to include further security policies that might be discovered in an open distributed environment. We add two extra SSAL rules to support dynamic coalition formation and secure cooperation among coalitions. Secure federation of cloud computing platforms and secure federation of XMPP servers are presented as case studies of SSTM. The results show that SSTM provides robust accountability for the use of permissions in federation. It is also shown that SSAL is a suitable policy language to express the subterfuge-safe policy statements due to its well-defined semantics, ease of use, and integrability.en
dc.description.sponsorshipScience Foundation Ireland (SFI Grant 08/SRC/11403)en
dc.description.statusNot peer revieweden
dc.description.versionAccepted Version
dc.format.mimetypeapplication/pdfen
dc.identifier.citationAbdi, S. 2015. Subterfuge-safe trust management for delegation of permissions in open environments. PhD Thesis, University College Cork.en
dc.identifier.endpage198
dc.identifier.urihttps://hdl.handle.net/10468/2097
dc.language.isoenen
dc.publisherUniversity College Corken
dc.rights© 2015, Samane Abdi.en
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/3.0/en
dc.subjectSubterfugeen
dc.subjectCoalitionen
dc.subjectOntologyen
dc.subjectTrust managementen
dc.subjectSecure federationen
dc.subjectPolicy languageen
dc.thesis.opt-outfalse
dc.titleSubterfuge-safe trust management for delegation of permissions in open environmentsen
dc.typeDoctoral thesisen
dc.type.qualificationlevelDoctoralen
dc.type.qualificationnamePhD (Science)en
ucc.workflow.supervisorj.herbert@cs.ucc.ie
Files
Original bundle
Now showing 1 - 2 of 2
Loading...
Thumbnail Image
Name:
AbstractFinal.pdf
Size:
43.31 KB
Format:
Adobe Portable Document Format
Description:
Abstract
Loading...
Thumbnail Image
Name:
SamaneAbdi2015.pdf
Size:
2.53 MB
Format:
Adobe Portable Document Format
Description:
Full Text E-Thesis
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
5.62 KB
Format:
Item-specific license agreed upon to submission
Description: