Enforcing usage constraints on credentials for web applications

Hu, Jinwei; Mantel, Heiko; Ruhleder, Sebastian

Enforcing usage constraints on credentials for web applications

Publikationstyp

Conference Paper

Date Issued

2015-05

Sprache

English

Author(s)

Hu, Jinwei

Mantel, Heiko

Ruhleder, Sebastian

TORE-URI

http://hdl.handle.net/11420/13849

First published in

IFIP advances in information and communication technology

Number in series

455

Start Page

112

End Page

125

Citation

IFIP Advances in Information and Communication Technology 455: 112-125 (2015)

Contribution to Conference

30th IFIP TC 11 International Information Security and Privacy Conference, SEC 2015

Publisher DOI

10.1007/978-3-319-18467-8_8

Scopus ID

2-s2.0-84942588705

Publisher

Springer International Publishing AG

For using credential-based access control effectively, recent work identified the need to enforce usage constraints also on credentials. The enforcement of such constraints has not yet been investigated for web applications, although it is relevant when credential-based access control is employed in a web application. This article proposes an approach suitable for enforcing usage constraints on credentials in web applications. More concretely, we present a novel algorithm and an implementation of this algorithm that construct constraint-compliant proofs for credentialbased access control policies. We proved that our solution is correct and showed that it is also efficient through extensive experiments.

DDC Class

004: Informatik

Options

Enforcing usage constraints on credentials for web applications