{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:11:40Z","timestamp":1763467900996,"version":"3.41.0"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2008,12,1]],"date-time":"2008-12-01T00:00:00Z","timestamp":1228089600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-0325951","CNS-0524695"],"award-info":[{"award-number":["CNS-0325951","CNS-0524695"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006234","name":"Sandia National Laboratories, National Nuclear Security Administration","doi-asserted-by":"publisher","award":["DOE SNL 541065"],"award-info":[{"award-number":["DOE SNL 541065"]}],"id":[{"id":"10.13039\/100006234","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000145","name":"Division of Information and Intelligent Systems","doi-asserted-by":"publisher","award":["IIS-0331707"],"award-info":[{"award-number":["IIS-0331707"]}],"id":[{"id":"10.13039\/100000145","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,12]]},"abstract":"<jats:p>In trust negotiation and other forms of distributed proving, networked entities cooperate to form proofs of authorization that are justified by collections of certified attribute credentials. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. 
Although these collections of credentials in some ways resemble partial system snapshots, current trust negotiation and distributed proving systems lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this article, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such, there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing, distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency that provide stronger safety guarantees. We provide algorithms that allow each of these refined notions of consistency to be attained in practice with minimal overheads and formally prove several security and privacy properties of these algorithms. Lastly, we explore the notion of strategic design trade-offs in the consistency enforcement algorithm space and propose several modifications to the core algorithms presented in this article. 
These modifications enhance the privacy-preservation or completeness properties of these algorithms without altering the consistency constraints that they enforce.<\/jats:p>","DOI":"10.1145\/1455518.1455520","type":"journal-article","created":{"date-parts":[[2008,12,17]],"date-time":"2008-12-17T13:25:20Z","timestamp":1229520320000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Enforcing Safety and Consistency Constraints in Policy-Based Authorization Systems"],"prefix":"10.1145","volume":"12","author":[{"given":"Adam J.","family":"Lee","sequence":"first","affiliation":[{"name":"University of Pittsburgh"}]},{"given":"Marianne","family":"Winslett","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]}],"member":"320","published-online":{"date-parts":[[2008,12]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.546611"},{"key":"e_1_2_1_2_1","unstructured":"Babao\u011flu O. and Marzullo K. 1993. Consistent global states of distributed systems: Fundamental concepts and mechanisms. In Distributed Systems S. J. Mullender ed. Addison-Wesley 55--96. Also available as University of Bologna Tech. rep. UBLCS-93-1 at http:\/\/www.cs.unibo.it\/pub\/TR\/UBLCS\/1993\/93-01.ps.gz."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.9"},{"volume-title":"Proceedings of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (NDSS\u201904)","author":"Becker M. Y.","key":"e_1_2_1_4_1","unstructured":"Becker, M. Y. and Sewell, P. 2004. Cassandra: Distributed access control policies with tunable expressiveness. In Proceedings of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (NDSS\u201904). 159--168."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2004.1318565"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352620"},{"key":"e_1_2_1_7_1","unstructured":"Cellary W. Gelenbe E. and Morzy T. 1988. Concurrency Control in Distributed Database Systems. Elsevier Science Publishing."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/214451.214456"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168623"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Housley R. Ford W. Polk W. and Solo D. 1999. Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF Request for Comments RFC-2459.","DOI":"10.17487\/rfc2459"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102128"},{"volume-title":"Proceedings of the 3rd International Conference on Trust Management (iTrust\u201905)","author":"Koshutanski H.","key":"e_1_2_1_12_1","unstructured":"Koshutanski, H. and Massacci, F. 2005. Interactive credential negotiation for stateful business processes. In Proceedings of the 3rd International Conference on Trust Management (iTrust\u201905). 257--273."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1977.229904"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/359545.359563"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266856"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180422"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102129"},{"volume-title":"Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX\u201903)","author":"Li N.","key":"e_1_2_1_18_1","unstructured":"Li, N. and Mitchell, J. 2003. RT: A role-based trust-management framework. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX\u201903). 201--213."},{"key":"e_1_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Mills D. L. 1992. Network Time Protocol (Version 3) Specification Implementation and Analysis. IETF Request for Comments RFC-1305.","DOI":"10.17487\/rfc1305"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2005.01.004"},{"volume-title":"Proceedings of the 4th International Conference on Pervasive Computing (PERVASIVE\u201906)","author":"Minami K.","key":"e_1_2_1_22_1","unstructured":"Minami, K. and Kotz, D. 2006. Scalability in a secure distributed proof system. In Proceedings of the 4th International Conference on Pervasive Computing (PERVASIVE\u201906). 220--237."},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Myers M. Ankney R. Malpani A. Galperin S. and Adams C. 1999. X.509 Internet public key infrastructure online certificate status protocol - OCSP. IETF RFC 2560.","DOI":"10.17487\/rfc2560"},{"volume-title":"Distributed systems: Principles and Paradigms","author":"Tanenbaum A. S.","key":"e_1_2_1_24_1","unstructured":"Tanenbaum, A. S. and van Steen, M. 2002. Distributed systems: Principles and Paradigms. Prentice Hall, Upper Saddle River, NJ."},{"volume-title":"Proceedings of the 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY\u201902)","author":"Winsborough W. H.","key":"e_1_2_1_25_1","unstructured":"Winsborough, W. H. and Li, N. 2002. Towards practical automated trust negotiation. In Proceedings of the 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY\u201902). 92--103."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178618.1178623"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2002.1067734"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102144"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605435"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/571637.571638"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455518.1455520","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1455518.1455520","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:18Z","timestamp":1750287258000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455518.1455520"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,12]]},"references-count":29,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2008,12]]}},"alternative-id":["10.1145\/1455518.1455520"],"URL":"https:\/\/doi.org\/10.1145\/1455518.1455520","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,12]]},"assertion":[{"value":"2007-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-12-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}