Declarative Reconfigurable Trust Management.

CIDR(2009)

Abstract
In recent years, there has been a proliferation of declarative logic-based trust management languages and systems proposed to ease the description, configuration, and enforcement of security policies. These systems have different trade-offs in expressiveness and complexity, depending on the security constructs (e.g. authentication, delegation, secrecy, etc.) that are supported, and the assumed trust level and scale of the execution environment. In this paper, we present LBTrust, a unified declarative system for reconfigurable trust management, where various security constructs can be customized and composed in a declarative fashion. We present an initial proof-of-concept implementation of LBTrust using LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. The LogicBlox language enhances Datalog in a variety of ways, including constraints and meta-programming, as well as support for programmer-defined constraints on the meta-model itself - meta-constraints - which act to restrict the set of allowable programs. LBTrust utilizes LogicBlox's meta-programming and meta-constraints to enable customizable cryptographic, partitioning and distribution strategies based on the execution environment. We present use cases of LBTrust based on three trust management systems (Binder, D1LP, and Secure Network Datalog), and provide a preliminary evaluation of a Binder-based trust management system.
Keywords
proof of concept, meta programming, software systems, security policy, secure computation, use case, meta model