RFC2704: The KeyNote Trust-Management System Version 21999 RFC
- Authors:
- M. Blaze,
- J. Feigenbaum,
- J. Ioannidis,
- A. Keromytis
Skip Abstract Section
Abstract
This memo describes version 2 of the KeyNote trust-management system. It specifies the syntax and semantics of KeyNote `assertions', describes `action attribute' processing, and outlines the application architecture into which a KeyNote implementation can be fit. The KeyNote architecture and language are useful as building blocks for the trust management aspects of a variety of Internet protocols and services.
RFC Downloads
ZIP
Cited By
Singer A and Bishop M Trust-Based Security; Or, Trust Considered Harmful Proceedings of the New Security Paradigms Workshop 2020, (76-89)- Kolar M, Fernandez-Gago C and Lopez J (2019). A model specification for the design of trust negotiations, Computers and Security, 84:C, (288-300), Online publication date: 1-Jul-2019.
- Debreceni C, Bergmann G, Ráth I and Varró D (2019). Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformations, Software and Systems Modeling (SoSyM), 18:3, (1737-1769), Online publication date: 1-Jun-2019.
- Taly A and Shankar A Distributed Authorization in Vanadium Tutorial Lectures on Foundations of Security Analysis and Design VIII - Volume 9808, (139-162)
- Pushkar A, Ghosh N and Ghosh S A Statistical Approach to Detect Anomalous User Requests in SaaS Cloud-Centric Collaborations Proceedings of the 11th International Conference on Information Systems Security - Volume 9478, (243-262)
- Lan Zhou , Varadharajan V and Hitchens M (2015). Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage, IEEE Transactions on Information Forensics and Security, 10:11, (2381-2395), Online publication date: 1-Nov-2015.
- Castiglione A, Castiglione A, De Santis A, Masucci B, Palmieri F and Pizzolante R Novel Insider Threat Techniques Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, (29-39)
- Vahldiek-Oberwagner A, Elnikety E, Mehta A, Garg D, Druschel P, Rodrigues R, Gehrke J and Post A Guardat Proceedings of the Tenth European Conference on Computer Systems, (1-16)
- Abdi S and Herbert J An algorithm for distributed certificate chain discovery in open environments Proceedings of the 30th Annual ACM Symposium on Applied Computing, (2292-2298)
- Tsankov P, Marinovic S, Torabi Dashti M and Basin D Fail-Secure Access Control Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, (1157-1168)
- Varadharajan V and Tupakula U (2014). Counteracting security attacks in virtual machines in the cloud using property based attestation, Journal of Network and Computer Applications, 40:C, (31-45), Online publication date: 1-Apr-2014.
- Smari W, Clemente P and Lalande J (2014). An extended attribute based access control model with trust and privacy, Future Generation Computer Systems, 31, (147-168), Online publication date: 1-Feb-2014.
- Giffin D, Levy A, Stefan D, Terei D, Mazières D, Mitchell J and Russo A Hails Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation, (47-60)
- Claycomb W, Shin D and Ahn G (2012). Enhancing directory virtualization to detect insider activity, Security and Communication Networks, 5:8, (873-886), Online publication date: 1-Aug-2012.
- Vimercati S, Foresti S, Jajodia S, Paraboschi S, Psaila G and Samarati P (2012). Integrating trust management and access control in data-intensive Web applications, ACM Transactions on the Web, 6:2, (1-43), Online publication date: 1-May-2012.
- Minsky N Decentralized governance of distributed systems via interaction control Logic Programs, Norms and Action, (374-400)
- Sacha K Trust management languages and complexity Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part II, (588-604)
- Foley S, Adams W and O'Sullivan B Aggregating trust using triangular norms in the keynote trust management system Proceedings of the 6th international conference on Security and trust management, (100-115)
- Sacha K Credential chain discovery in RTTtrust management language Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security, (195-208)
- Johnson M, Karat J, Karat C and Grueneberg K Optimizing a policy authoring framework for security and privacy policies Proceedings of the Sixth Symposium on Usable Privacy and Security, (1-9)
- Turner D, Prevelakis V and Keromytis A (2010). A market-based bandwidth charging framework, ACM Transactions on Internet Technology, 10:1, (1-30), Online publication date: 1-Feb-2010.
- Tripunitara M and Carbunar B Efficient access enforcement in distributed role-based access control (RBAC) deployments Proceedings of the 14th ACM symposium on Access control models and technologies, (155-164)
- Bauer L, Jia L, Reiter M and Swasey D xDomain Proceedings of the 14th ACM symposium on Access control models and technologies, (43-52)
- West A, Aviv A, Chang J, Prabhu V, Blaze M, Kannan S, Lee I, Smith J and Sokolsky O QuanTM Proceedings of the Second European Workshop on System Security, (28-35)
- Burnside M and Keromytis A Asynchronous policy evaluation and enforcement Proceedings of the 2nd ACM workshop on Computer security architectures, (45-50)
- Burnside M and Keromytis A Path-Based Access Control for Enterprise Networks Proceedings of the 11th international conference on Information Security, (191-203)
- Miltchev S, Smith J, Prevelakis V, Keromytis A and Ioannidis S (2008). Decentralized access control in distributed file systems, ACM Computing Surveys, 40:3, (1-30), Online publication date: 1-Aug-2008.
- Chapin P, Skalka C and Wang X (2008). Authorization in trust management, ACM Computing Surveys, 40:3, (1-48), Online publication date: 1-Aug-2008.
- Nagarajan A, Varadharajan V, Hitchens M and Arora S On the Applicability of Trusted Computing in Distributed Authorization Using Web Services Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, (222-237)
- Zou D, Park J, Yang L, Liao Z and Kim T A Formal Framework for Expressing Trust Negotiation in the Ubiquitous Computing Environment Proceedings of the 5th international conference on Ubiquitous Intelligence and Computing, (35-45)
- Mowbray M and Lain A Dominator-tree analysis for distributed authorization Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, (101-112)
- Ganeriwal S, Balzano L and Srivastava M (2008). Reputation-based framework for high integrity sensor networks, ACM Transactions on Sensor Networks, 4:3, (1-37), Online publication date: 1-May-2008.
- Lee A and Winslett M Towards an efficient and language-agnostic compliance checker for trust negotiation systems Proceedings of the 2008 ACM symposium on Information, computer and communications security, (228-239)
- Xie L and Zhu S (2008). Message Dropping Attacks in Overlay Networks, ACM Transactions on Information and System Security, 11:3, (1-30), Online publication date: 15-Mar-2008.
- Lee H and Luedemann H lightweight decentralized authorization model for inter-domain collaborations Proceedings of the 2007 ACM workshop on Secure web services, (83-89)
- Crampton J, Lim H and Paterson K What can identity-based cryptography offer to web services? Proceedings of the 2007 ACM workshop on Secure web services, (26-36)
- Nagarajan A, Varadharajan V and Hitchens M Trust management for trusted computing platforms in web services Proceedings of the 2007 ACM workshop on Scalable trusted computing, (58-62)
- Etalle S, den Hartog J and Marsh S Trust and punishment Proceedings of the 1st international conference on Autonomic computing and communication systems, (1-6)
- Skalka C, Wang X and Chapin P (2007). Risk management for distributed authorization, Journal of Computer Security, 15:4, (447-489), Online publication date: 1-Sep-2007.
- Huai J, Sun H, Hu C, Zhu Y, Liu Y and Li J (2007). ROST, Future Generation Computer Systems, 23:6, (825-835), Online publication date: 1-Jul-2007.
- Etalle S and Winsborough W A posteriori compliance control Proceedings of the 12th ACM symposium on Access control models and technologies, (11-20)
- Liao Z and Jin H A RT0-based compliance checker model for automated trust negotiation Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics, (129-140)
- Jung E, Elmallah E and Gouda M (2007). Optimal Dispersal of Certificate Chains, IEEE Transactions on Parallel and Distributed Systems, 18:4, (474-484), Online publication date: 1-Apr-2007.
- De Capitani di Vimercati S, Jajodia S, Paraboschi S and Samarati P Trust management services in relational databases Proceedings of the 2nd ACM symposium on Information, computer and communications security, (149-160)
- De Capitani di Vimercati S and Samarati P Privacy in the electronic society Proceedings of the Second international conference on Information Systems Security, (1-21)
- Serban C and Minsky N Generalized access control of synchronous communication Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware, (281-300)
- Serban C and Minsky N Generalized access control of synchronous communication Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware, (281-300)
- Smetters D, Balfanz D, Durfee G, Smith T and Lee K Instant matchmaking Proceedings of the 8th international conference on Ubiquitous Computing, (477-494)
- Alam M, Hafner M, Breu R and Unterthiner S A framework for modeling restricted delegation in service oriented architecture Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business, (142-151)
- Yau S Managing trust in distributed agent systems Proceedings of the Third international conference on Autonomic and Trusted Computing, (17-25)
- Søndergaard D, Probst C, Jensen C and Hansen R Program partitioning using dynamic trust models Proceedings of the 4th international conference on Formal aspects in security and trust, (170-184)
- Ray I and Chakraborty S A Framework for Flexible Access Control in Digital Library Systems 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security on Data and Applications Security XX - Volume 4127, (252-266)
- Polakow J and Skalka C Specifying distributed trust management in LolliMon Proceedings of the 2006 workshop on Programming languages and analysis for security, (37-46)
- Ravichandran A and Yoon J Trust management with delegation in grouped peer-to-peer communities Proceedings of the eleventh ACM symposium on Access control models and technologies, (71-80)
- Noda J, Takahashi M, Hosomi I, Mouri H, Takata Y and Seki H Integrating presence inference into trust management for ubiquitous systems Proceedings of the eleventh ACM symposium on Access control models and technologies, (59-68)
- Chakraborty S and Ray I TrustBAC Proceedings of the eleventh ACM symposium on Access control models and technologies, (49-58)
- Kane K and Browne J On classifying access control implementations for distributed systems Proceedings of the eleventh ACM symposium on Access control models and technologies, (29-38)
- Suryanarayana G, Diallo M, Erenkrantz J and Taylor R Architectural support for trust models in decentralized applications Proceedings of the 28th international conference on Software engineering, (52-61)
- Pearson S Towards automated evaluation of trust constraints Proceedings of the 4th international conference on Trust Management, (252-266)
- Jensen C and Connell P Trust-based route selection in dynamic source routing Proceedings of the 4th international conference on Trust Management, (150-163)
- Jha S, Schwoon S, Wang H and Reps T Weighted pushdown systems and trust-management systems Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems, (1-26)
- Claycomb W and Shin D Mobile-driven architecture for managing enterprise security policies Proceedings of the 44th annual ACM Southeast Conference, (555-559)
- Ray I, Chakraborty S and Ray I VTrust Proceedings of the First international conference on Information Systems Security, (91-105)
- Zhu X, Wang S, Hong F and Liao J Distributed credential chain discovery in trust-management with parameterized roles Proceedings of the 4th international conference on Cryptology and Network Security, (334-348)
- Wang S and Zhang Y Answer set programming for distributed authorization Proceedings of the 18th Australian Joint conference on Advances in Artificial Intelligence, (1191-1194)
- Chapin P, Skalka C and Wang X Risk assessment in distributed authorization Proceedings of the 2005 ACM workshop on Formal methods in security engineering, (33-42)
- Katsikas S, Lopez J and Pernul G Trust, privacy and security in e-business Proceedings of the 10th Panhellenic conference on Advances in Informatics, (548-558)
- Borders K, Zhao X and Prakash A CPOL Proceedings of the 12th ACM conference on Computer and communications security, (147-157)
- Irwin K and Yu T Preventing attribute information leakage in automated trust negotiation Proceedings of the 12th ACM conference on Computer and communications security, (36-45)
- Yin G, Wang H, Liu T, Shi D and Chen M Distributed access control for grid environments using trust management approach Proceedings of the 2005 international conference on Parallel and Distributed Processing and Applications, (485-495)
- Zuo M, Wang K and Li J The application of collaborative filtering for trust management in p2p communities Proceedings of the Third international conference on Parallel and Distributed Processing and Applications, (383-394)
- Yin G, Wang H, Liu T, Chen M and Shi D Trust management with safe privilege propagation Proceedings of the 6th international conference on Advanced Parallel Processing Technologies, (174-183)
- Navarro G, Ortega-Ruiz J, Ametller J and Robles S Distributed authorization framework for mobile agents Proceedings of the Second international conference on Mobility Aware Technologies and Applications, (127-136)
- Yin G, Wang H, Shi D and Gu H Towards more controllable and practical delegation Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security, (245-258)
- Zhou H and Foley S A logic for analysing subterfuge in delegation chains Proceedings of the Third international conference on Formal Aspects in Security and Trust, (127-141)
- Bhatti R, Bertino E and Ghafoor A (2005). A Trust-Based Context-Aware Access Control Model for Web-Services, Distributed and Parallel Databases, 18:1, (83-105), Online publication date: 1-Jul-2005.
- Marchesini J and Smith S Modeling public key infrastructures in the real world Proceedings of the Second European conference on Public Key Infrastructure, (118-134)
- Etalle S and Winsborough W Integrity constraints in trust management Proceedings of the tenth ACM symposium on Access control models and technologies, (1-10)
- Clark D, Wroclawski J, Sollins K and Braden R (2005). Tussle in cyberspace, IEEE/ACM Transactions on Networking, 13:3, (462-475), Online publication date: 1-Jun-2005.
- Vraalsen F, Lund M, Mahler T, Parent X and Stølen K Specifying legal risk scenarios using the CORAS threat modelling language Proceedings of the Third international conference on Trust Management, (45-60)
- Krishnamurthy B, Madhyastha H and Spatscheck O ATMEN Proceedings of the 14th international conference on World Wide Web, (499-509)
- Gu C, Zhang X and Song G A Delegation Logic Based Authorization Mechanism for Virtual Organizations Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005, (123-136)
- Almenárez F, Marín A, Campo C and García R. C TrustAC Proceedings of the Second international conference on Security in Pervasive Computing, (225-238)
- Yin G, Teng M, Wang H, Jia Y and Shi D An authorization framework based on constrained delegation Proceedings of the Second international conference on Parallel and Distributed Processing and Applications, (845-857)
- Chen Z, Liu W, Tu S and Du W A cooperative web framework of jini into OSGi-based open home gateway Proceedings of the First international conference on Embedded Software and Systems, (570-575)
- Bos H, de Bruijn W, Cristea M, Nguyen T and Portokalidis G FFPF Proceedings of the 6th conference on Symposium on Operating Systems Design & Implementation - Volume 6, (24-24)
- Yin G, Wang H, Shi D, Jia Y and Teng M A rule-based framework for role-based constrained delegation Proceedings of the 3rd international conference on Information security, (186-191)
- Joshi J, Bhatti R, Bertino E and Ghafoor A (2004). Access-Control Language for Multidomain Environments, IEEE Internet Computing, 8:6, (40-50), Online publication date: 1-Nov-2004.
- Quillinan T and Foley S Security in WebCom Proceedings of the 2004 workshop on Secure web service, (97-105)
- Ganeriwal S and Srivastava M Reputation-based framework for high integrity sensor networks Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, (66-77)
- Theodorakopoulos G and Baras J Trust evaluation in ad-hoc networks Proceedings of the 3rd ACM workshop on Wireless security, (1-10)
- Aggarwal G, Bawa M, Ganesan P, Garcia-Molina H, Kenthapadi K, Mishra N, Motwani R, Srivastava U, Thomas D, Widom J and Xu Y Vision paper Proceedings of the Thirtieth international conference on Very large data bases - Volume 30, (708-719)
- Bertino E, Ferrari E and Squicciarini A (2004). Trust-X, IEEE Transactions on Knowledge and Data Engineering, 16:7, (827-842), Online publication date: 1-Jul-2004.
- Bertino E, Ferrari E and Squicciarini A (2004). Trust Negotiations, Computing in Science and Engineering, 6:4, (27-34), Online publication date: 1-Jul-2004.
- Hengartner U and Steenkiste P Implementing access control to people location information Proceedings of the ninth ACM symposium on Access control models and technologies, (11-20)
- Chowdhury P, Christianson B and Malcolm J Anonymous authentication Proceedings of the 12th international conference on Security Protocols, (299-305)
- Blaze M Toward a broader view of security protocols Proceedings of the 12th international conference on Security Protocols, (106-120)
- Walter T, Bussard L, Robinson P and Roudier Y Security and Trust Issues in Ubiquitous Environments -- The Business-to-Employee Dimension Proceedings of the 2004 Symposium on Applications and the Internet-Workshops (SAINT 2004 Workshops)
- References Grid resource management, (507-566)
- Huang H and Wu S An approach to certificate path discovery in mobile Ad Hoc networks Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, (41-52)
- Ioannidis S, Bellovin S, Ioannidis J, Keromytis A and Smith J Design and Implementation of Virtual Private Services Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
- Levine A, Prevelakis V, Ioannidis J, Ioannidis S and Keromytis A WebDAVA Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
- McDaniel P On context in authorization policy Proceedings of the eighth ACM symposium on Access control models and technologies, (80-89)
- Goodrich M, Shin M, Tamassia R and Winsborough W Authenticated dictionaries for fresh attribute credentials Proceedings of the 1st international conference on Trust management, (332-347)
- Karabulut Y Implementation of an agent-oriented trust management infrastructure based on a hybrid PKI model Proceedings of the 1st international conference on Trust management, (318-331)
- Yao W Fidelis Proceedings of the 1st international conference on Trust management, (301-317)
- Blaze M, Ioannidis J and Keromytis A Experience with the keynote trust management system Proceedings of the 1st international conference on Trust management, (284-300)
- Grandison T and Sloman M Trust management tools for internet applications Proceedings of the 1st international conference on Trust management, (91-107)
- Herrmann P Trust-based protection of software component users and designers Proceedings of the 1st international conference on Trust management, (75-90)
- Kinateder M and Rothermel K Architecture and algorithms for a distributed reputation system Proceedings of the 1st international conference on Trust management, (1-16)
- Hengartner U and Steenkiste P Access control to information in pervasive computing environments Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9, (27-27)
- Li N, Winsborough W and Mitchell J Beyond Proof-of-Compliance Proceedings of the 2003 IEEE Symposium on Security and Privacy
- Chadwick D, Otenko A and Ball E (2003). Role-Based Access Control With X.509 Attribute Certificates, IEEE Internet Computing, 7:2, (62-69), Online publication date: 1-Mar-2003.
- Buttyán L and Hubaux J (2003). Report on a working session on security in wireless ad hoc networks, ACM SIGMOBILE Mobile Computing and Communications Review, 7:1, (74-94), Online publication date: 1-Jan-2003.
- Winslett M, Yu T, Seamons K, Hess A, Jacobson J, Jarvis R, Smith B and Yu L (2002). Negotiating Trust on the Web, IEEE Internet Computing, 6:6, (30-37), Online publication date: 1-Nov-2002.
- Keromytis A, Misra V and Rubenstein D (2002). SOS, ACM SIGCOMM Computer Communication Review, 32:4, (61-72), Online publication date: 1-Oct-2002.
- Godber A and Dasgupta P Secure wireless gateway Proceedings of the 1st ACM workshop on Wireless security, (41-46)
- Keromytis A, Misra V and Rubenstein D SOS Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications, (61-72)
- Jha S and Reps T Analysis of SPKI/SDSI Certificates Using Model Checking Proceedings of the 15th IEEE workshop on Computer Security Foundations
- Nikander P Authorization and Charging in Public WLANs Using FreeBSD and 802.1x Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference, (109-119)
- Chadwick D and Otenko A The PERMIS X.509 role based privilege management infrastructure Proceedings of the seventh ACM symposium on Access control models and technologies, (135-140)
- Cohen E, Thomas R, Winsborough W and Shands D Models for coalition-based access control (CBAC) Proceedings of the seventh ACM symposium on Access control models and technologies, (97-106)
- Iliev A and Smith S Prototyping an armored data vault rights management on Big Brother's computer Proceedings of the 2nd international conference on Privacy enhancing technologies, (144-159)
- Ioannidis J, Ioannidis S, Keromytis A and Prevelakis V Fileteller Proceedings of the 6th international conference on Financial cryptography, (282-299)
- Li N, Winsborough W and Mitchell J Distributed credential chain discovery in trust management Proceedings of the 8th ACM conference on Computer and Communications Security, (156-165)
- Yu T, Winslett M and Seamons K Interoperable strategies in automated trust negotiation Proceedings of the 8th ACM conference on Computer and Communications Security, (146-155)
- Foley S and Morrison J Computational paradigms and protection Proceedings of the 2001 workshop on New security paradigms, (3-11)
- Kornievskaia O, Honeyman P, Doster B and Coffman K Kerberized credential translation Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
- Irvine C and Levin T Quality of security service Proceedings of the 2000 workshop on New security paradigms, (91-99)
- Ioannidis S, Keromytis A, Bellovin S and Smith J Implementing a distributed firewall Proceedings of the 7th ACM conference on Computer and Communications Security, (190-199)
- Fujimura K, Kuno H, Terada M, Matsuyama K, Mizuno Y and Sekine J Digital-ticket-controlled digital ticket circulation Proceedings of the 8th conference on USENIX Security Symposium - Volume 8, (18-18)
- Thompson M, Johnston W, Mudumbai S, Hoo G, Jackson K and Essiari A Certificate-based access control for widely distributed resources Proceedings of the 8th conference on USENIX Security Symposium - Volume 8, (17-17)