Together with John Mitchell and Will Winsborough, we developed the RT family of Role-based Trust-management languages. RT combines the strengths of role-based access control and previous trust-management systems such as Delegation Logic and SDSI (Rivest and Lampson).
Design of A Role-based Trust-management Framework. Ninghui Li, John C. Mitchell, and William H. Winsborough. In Proceedings of 2002 IEEE Symposium on Security and Privacy, Berkeley, California, May 2002. IEEE Computer Society Press, Los Alamitos, California, pp. 114-130.
RTML: A Role-based Trust-management Markup Language. Ninghui Li, John C. Mitchell, Yu Qiu, William H. Winsborough, Kent E. Seamons, Michael Halcrow, and Jared Jacobson. Unpublished manuscript.
Distributed Credential Chain Discovery in Trust Management. Ninghui Li, William H. Winsborough, and John C. Mitchell. Journal of Computer Security. In press.
Distributed Credential Chain Discovery in Trust Management (Extended Abstract). Ninghui Li, William H. Winsborough, and John C. Mitchell. In Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS-8), Philadelphia, Pennsylvania, November 2001. ACM Press, New York, New York, pp. 156-165.
Trust-management (TM) languages need a declarative and formal foundation. Although Datalog was used in several TM languages and has been the best logical foundation for TM languages to date, Datalog does not meet the practical need for policies about common structured resources, such as file hierarchies. By using ideas from the field of constraint databases, we showed that Datalog extended with constraints is a promising and expressive alternative that eliminates some deficiencies of Datalog without sacrificing any of the attractive features that make Datalog appealing for trust management. This is joint work with John Mitchell.
Datalog with Constraints: A foundation for trust-management languages. Ninghui Li and John C. Mitchell. To appear in Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL'03), New Orleans, Louisiana, January 2003.
Trust management has delegation as its key power. Because one organization may delegate partial control to another organization, it is natural to ask what permissions may be granted as the result of policy changes by other organizations. Together with John Mitchell and Will Winsborough, we studied security properties such as safety and availability in the RT framework using a trust-management model. We showed that many properties can be determined efficiently using logic programs, and proved that the most complicated cases are decidable but intractable. These results are somewhat surprising. In Harrison, Ruzzo, and Ullman 1976, it was shown that a basic form of safety analysis in the context of the well-known access matrix model is undecidable. Our trust-management model is more powerful in certain ways than the HRU access matrix model, and the security properties we considered are more than simple safety. In our paper, we explained the differences between the HRU model and our TM model.
Beyond Proof-of-compliance: Safety and Availability Analysis in Trust Management. Ninghui Li, William H. Winsborough, and John C. Mitchell. To appear in IEEE Symposium and Security and Privacy. May, 2003.
A Logic-Based Knowledge Representation for Authorization with Delegation (Extended Abstract). Ninghui Li, Joan Feigenbaum, and Benjamin N. Grosof. In Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999. IEEE Computer Society Press, Los Alamitos, pp. 162-174. Full paper available as IBM Research Report RC21492.