Tech Report CS-05-01

Generalized and Practical Role-Based Cascaded Delegation

Danfeng Yao, Roberto Tamassia, Seth Proctor

March 2005

Abstract:

In decentralized trust management systems, the assurance of a valid delegation chain is crucial in protecting the integrity, confidentiality, and authenticity of shared resources. A decentralized delegation protocol needs to provide sufficient expressiveness for delegation credentials, so that delegators are able to restrict the delegation scope and issue fine-grained delegation credentials. A practical trust management system also needs to be efficient and scalable, keeping communication and computation costs low. Because devices in distributed and pervasive computing environments may have small storage units and limited bandwidth, lengthy delegation credentials are inefficient to store or transmit.

We make several practical extensions to the role-based cascaded delegation (RBCD) model. To improve delegation efficiency under dynamic and emergent situations, we provide an operation that allows a delegator to merge multiple delegation chains into a new role, which is then delegated. This operation can greatly reduce the number of delegation credentials that need to be generated. We also present a combined approach that integrates the RBCD model with a credential chain discovery algorithm. The advantages of this model are the efficiency provided by RBCD and the delegation flexibility provided by credential chain discovery. Finally, we describe our implementation of an RBCD prototype using Java and C++, and analyze the experimental results.
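The following toy model, added here as an illustration and not code from the report or its prototype, shows what a verifier of a cascaded delegation chain has to check and how the merge operation cuts the credential count: a delegator holding several chains signs one definition of a new role built from them and then delegates that single role. Everything concrete in it is an assumption, not taken from the abstract: the principals (Hospital, Lab, Alice, Bob, Carol), HMAC-SHA256 over a shared-secret table standing in for public-key signatures (so this verifier has to know every principal's secret, which a real deployment would not), hash-binding each credential to its predecessor, and a depth counter that must strictly decrease along a chain.

```python
"""Toy model of role-based cascaded delegation with a chain-merging operation.

Added illustration, not code from the report. Assumptions: HMAC-SHA256 with a
shared-secret table stands in for public-key signatures; each credential carries
the SHA-256 hash of its predecessor; delegation depth strictly decreases.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed principal secrets for the example.
SECRETS: Dict[str, bytes] = {
    "Hospital": b"secret-hospital", "Lab": b"secret-lab",
    "Alice": b"secret-alice", "Bob": b"secret-bob", "Carol": b"secret-carol",
}


@dataclass(frozen=True)
class Credential:
    issuer: str    # signer: the root authority or a holder of the role
    subject: str   # principal receiving the role
    role: str      # e.g. "Hospital.doctor"
    depth: int     # further hops the subject may delegate (0 = may not re-delegate)
    prev: bytes    # hash of the credential this one extends (b"" at the root)
    sig: bytes


def _payload(issuer: str, subject: str, role: str, depth: int, prev: bytes) -> bytes:
    return json.dumps([issuer, subject, role, depth, prev.hex()]).encode()


def _sign(signer: str, data: bytes) -> bytes:
    return hmac.new(SECRETS[signer], data, hashlib.sha256).digest()


def cred_hash(c: Credential) -> bytes:
    return hashlib.sha256(_payload(c.issuer, c.subject, c.role, c.depth, c.prev) + c.sig).digest()


def issue(issuer: str, subject: str, role: str, depth: int,
          prev: Optional[Credential] = None) -> Credential:
    """Extend the chain ending at `prev` (None for a root authority) by one link."""
    prev_hash = cred_hash(prev) if prev is not None else b""
    return Credential(issuer, subject, role, depth, prev_hash,
                      _sign(issuer, _payload(issuer, subject, role, depth, prev_hash)))


def verify_chain(chain: List[Credential], root: str, role: str, requester: str,
                 max_depth: Optional[int] = None) -> bool:
    """Accept iff every link is signed by the previous link's subject, hash-bound to
    its predecessor, names `role`, has depth strictly below the previous link's
    (or below `max_depth` for the first link), and the chain ends at `requester`."""
    expected_issuer, prev_hash, last_depth = root, b"", max_depth
    for c in chain:
        if c.issuer != expected_issuer or c.role != role or c.prev != prev_hash:
            return False
        expected_sig = _sign(c.issuer, _payload(c.issuer, c.subject, c.role, c.depth, c.prev))
        if not hmac.compare_digest(c.sig, expected_sig):
            return False
        if last_depth is not None and c.depth >= last_depth:
            return False
        expected_issuer, prev_hash, last_depth = c.subject, cred_hash(c), c.depth
    return bool(chain) and expected_issuer == requester


# A merged role bundles several chains the owner holds under one new role name.
# Part = (root authority, role, chain ending at the owner).
Part = Tuple[str, str, Tuple[Credential, ...]]


@dataclass(frozen=True)
class MergedRole:
    owner: str
    name: str
    parts: Tuple[Part, ...]
    sig: bytes


def _merge_digest(name: str, parts: Tuple[Part, ...]) -> bytes:
    return name.encode() + b"".join(cred_hash(c) for _, _, ch in parts for c in ch)


def merge_chains(owner: str, name: str, chains: List[Part]) -> MergedRole:
    parts = tuple(chains)
    return MergedRole(owner, name, parts, _sign(owner, _merge_digest(name, parts)))


def verify_merged(role: MergedRole, chain: List[Credential], requester: str) -> bool:
    """Requester holds `role.name` iff the definition is signed by its owner, every
    merged chain really ends at the owner, and the owner's delegation of the new
    role reaches the requester within the smallest remaining depth of the parts."""
    if not hmac.compare_digest(role.sig, _sign(role.owner, _merge_digest(role.name, role.parts))):
        return False
    if not all(verify_chain(list(ch), root, r, role.owner) for root, r, ch in role.parts):
        return False
    budget = min(ch[-1].depth for _, _, ch in role.parts)
    return verify_chain(chain, role.owner, role.name, requester, max_depth=budget)


def credentials_needed(n_chains: int, n_members: int) -> Tuple[int, int]:
    """(extend every chain to every member, one merged definition plus one per member)."""
    return n_chains * n_members, 1 + n_members


def demo() -> Dict[str, bool]:
    doctor = issue("Hospital", "Alice", "Hospital.doctor", depth=2)
    analyst = issue("Lab", "Alice", "Lab.analyst", depth=1)
    team = merge_chains("Alice", "Alice.team", [
        ("Hospital", "Hospital.doctor", (doctor,)), ("Lab", "Lab.analyst", (analyst,))])
    to_bob = issue("Alice", "Bob", "Alice.team", depth=0)
    to_carol = issue("Bob", "Carol", "Alice.team", depth=0, prev=to_bob)   # Bob has depth 0
    forged = Credential("Alice", "Carol", "Alice.team", 0, b"", to_bob.sig)  # reused signature
    return {
        "bob": verify_merged(team, [to_bob], "Bob"),
        "carol_via_bob": verify_merged(team, [to_bob, to_carol], "Carol"),
        "forged": verify_merged(team, [forged], "Carol"),
    }
```

In `demo()` Alice holds two chains and delegates the merged role to Bob with one credential; Bob's attempt to pass it on is rejected because his depth is 0, and a credential that reuses Alice's signature under a different subject fails the signature check. `credentials_needed` makes the saving explicit: delegating n chains to m members costs n*m credentials link by link but only 1 + m with a merged role, the kind of reduction the abstract claims for the merge operation.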

(complete text in pdf or gzipped postscript)