Skip to main content

Anna Felkner

Followers

2

Following

1

Co-author

1

Public Views

Matthew Hennessy

Andrea De Salve

Francesco Santini

Consiglio Nazionale delle Ricerche (CNR)

Vietnam National University, Hanoi

Stefano Bistarelli

University of Perugia

Eindhoven University of Technology

Chithra Selvaraj

Konstantin Beznosov

University of British Columbia

Interests

Uploads

Papers by Anna Felkner

Deriving RT T Credentials for Role-Based Trust Management

… Software Engineering Journal Selected full …, 2010

Role-based trust management languages define a formalism, which uses credentials to handle trust ... more Role-based trust management languages define a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main topic of this paper is RT T , a language which supports manifold roles and role-product operators to express threshold and separation of duties policies. The core part of the paper defines a relational, set-theoretic semantics for the language, and introduces a deductive system, in which credentials can be derived from an initial set of credentials using a set of inference rules. The soundness and the completeness of the deductive system with respect to the semantics of RT T is proved.

Czasowa ważność poświadczeń języka RT T

Studia Informatica, 2011

Język RTT należy do języków zarządzania zaufaniem z rodziny języków role-based trust management, ... more Język RTT należy do języków zarządzania zaufaniem z rodziny języków role-based trust management, który jest używany do reprezentowania polityk bezpieczeństwa oraz poświadczeń w rozproszonym upoważnianiu. Łączy on zalety kontroli dostępu, opartej na roli i systemów zarządzania zaufaniem. W artykule zaproponowano wprowadzenie ograniczeń czasowych ważności poświadczeń w języku RTT.

Praktyczne Zastosowanie Języków Zarządzania Zaufaniem

PRZEGLĄD TELEKOMUNIKACYJNY - WIADOMOŚCI TELEKOMUNIKACYJNE, 2015

Rozproszona kontrola dost�epu w praktyce

PRZEGLĄD ELEKTROTECHNICZNY, 2016

RTT+ – Time Validity Constraints in RT RTT Language, Journal of Telecommunications and Information Technology, 2012, nr 2

Most of the traditional access control models, like mandatory, discretionary and role based acces... more Most of the traditional access control models, like mandatory, discretionary and role based access control make authorization decisions based on the identity, or the role of the requester, who must be known to the resource owner. Thus, they may be suitable for centralized systems but not for decentralized environments, where the requester and service provider or resource owner are often unknown to each other. To overcome the shortcomings of traditional access control models, trust management models have been presented. The topic of this paper is three different semantics (set-theoretic, operational, and logic- programming) of RTT , language from the family of role-based trust management languages (RT). RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The set-theoretic semantics maps rol...

Methods to Recognition

Bioinformatics is a large group of methods used in biology, mostly for analysis of gene sequences... more Bioinformatics is a large group of methods used in biology, mostly for analysis of gene sequences. The algorithms developed for this task have recently found a new application in network threat detection. This paper is an introduction to this area of research, presenting a survey of bioinformatics methods applied to this task, outlining the individual tasks and methods used to solve them. It is argued that the early conclusion that such methods are ineffective against polymorphic attacks is in fact too pessimistic.

Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things

Sensors, 2021

The security of the Internet of Things (IoT) is a very important aspect of everyday life for peop... more The security of the Internet of Things (IoT) is a very important aspect of everyday life for people and industries, as well as hospitals, military, households and cities. Unfortunately, this topic is still too little researched and developed, which results in exposing users of Internet of Things to possible threats. One of the areas which should be addressed is the creation of a database of information about vulnerabilities and exploits in the Internet of Things; therefore, the goal of our activities under the VARIoT (Vulnerability and Attack Repository for IoT) project is to develop such a database and make it publicly available. The article presents the results of our research aimed at building this database, i.e., how the information about vulnerabilities is obtained, standardized, aggregated and correlated as well as the way of enhancing and selecting IoT related data. We have obtained and proved that existing databases provide various scopes of information and because of that a...

Time validity of credentials in RTT+ language

The topic of this paper is RTT, a language from the family of RT languages, which is used for rep... more The topic of this paper is RTT, a language from the family of RT languages, which is used for representing security policies and credentials in distributed access control systems. The goal of this paper is introduction of time validity constraints to show how that can make RTT language more realistic.

Przegląd i analiza źródeł informacji o poprawkach bezpieczeństwa

RTT+ - Time Validity Constraints in RTT Language

Journal of telecommunications and information technology, 2012

Most of the traditional access control models, like mandatory, discretionary and role based acces... more Most of the traditional access control models, like mandatory, discretionary and role based access control make authorization decisions based on the identity, or the role of the requester, who must be known to the resource owner. Thus, they may be suitable for centralized systems but not for decentralized environments, where the requester and service provider or resource owner are often unknown to each other. To overcome the shortcomings of traditional access control models, trust management models have been presented. The topic of this paper is three different semantics (set-theoretic, operational, and logic-programming) of RT RT RT T T T , language from the family of role-based trust management languages (RT). RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The set-theoretic semantics maps roles to a set of sets of entity names. Members of such a set must cooperate in order to satisfy the role. In the case of logic-programming semantics, the credentials are translated into a logic program. In the operational semantics the credentials can be established using a simple set of inference rules. It turns out to be fundamental mainly in large-scale distributed systems, where users have only partial view of their execution context. The core part of this paper is the introduction of time validity constraints to show how that can make RT RT RT T T T language more realistic. The new language, named RT RT RT T T T + + + takes time validity constraints into account. The semantics for RT RT RT T T T + + + language will also be shown. Inference system will be introduced not just for specific moment but also for time intervals. It will evaluate maximal time validity, when it is possible to derive the credential from the set of available credentials. The soundness and completeness of the inference systems with the time validity constraints with respect to the set-theoretic semantics of RT RT RT T T T + + + will be proven.

Industry and Standardization Aspects

Bezpieczna stacja robocza do przetwarzania danych o różnych klauzulach niejawności

Journal of Konbin, 2011

SpiderTrap—An Innovative Approach to Analyze Activity of Internet Bots on a Website

IEEE Access, 2020

The main idea behind creating SpiderTrap was to build a website that can track how Internet bots ... more The main idea behind creating SpiderTrap was to build a website that can track how Internet bots crawl it. To track bots, honeypot dynamically generates different types of the hyperlinks on the web pages leading from one article to another and logs information passed by web clients in HTTP requests when visiting these links. By analyzing the sequences of visited links and passed HTTP requests it is possible to: detect bots, reveal bots' crawling or scanning algorithms, and other characteristic features of the traffic they generate. In our research we focused on identifying and describing whole bots' operations rather than just classifying single HTTP requests. This novel approach has given us insight into what different types of Internet bots are looking for and how they work. This information can be used to optimize the websites for search engines' bots for a better place on a search's results page or prepare a set of rules for tools that filter traffic to the web pages to minimize the impact of bad and unwanted bots on the websites' availability and security. We present the results of the five months of SpiderTrap's activity when honeypot was accessible by two domains (.pl and.eu), as well as by an IP address. The results show examples of activity of well-known Internet bots, such as Googlebot or Bingbot, unknown crawlers, and scanners trying to exploit vulnerabilities in the most popular web frameworks or looking for active webshells (i.e. access points to control a web server left by other attackers).

Towards a Safer Internet of Things—A Survey of IoT Vulnerability Data Sources

Sensors, 2020

The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specif... more The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and softw...

Security analysis for authentication and authorisation in mobile phone

PRZEGLĄD ELEKTROTECHNICZNY, 2019

zawiera analizę bezpieczeństwa wykorzystania telefonu komórkowego jako istotnego elementu procesu... more zawiera analizę bezpieczeństwa wykorzystania telefonu komórkowego jako istotnego elementu procesu uwierzytelniania użytkownika w systemach teleinformatycznych (np. systemach SCADA). Analiza bezpieczeństwa obejmuje zarówno same metody uwierzytelniania jak i wykorzystanie telefonów komórkowych oraz sieci komórkowej w procesie uwierzytelniania. W podsumowaniu analizy bezpieczeństwa wskazujemy aplikację do generowania haseł jednorazowych jako rozwiązanie zarówno przyjazne dla użytkownika jak i bezpieczne. (Analiza bezpieczeństwa metod uwierzytelniania i autoryzacji z wykorzystaniem telefonu komórkowego).

A Novel Approach to National-level Cyber Risk Assessment Based on Vulnerability Management and Threat Intelligence

Journal of Telecommunications and Information Technology, 2019

Real-time assessment of IT-related risks, performed at the national level, is very important due ... more Real-time assessment of IT-related risks, performed at the national level, is very important due to the evolving nature of threats that may originate from individual hackers, organized cyber-criminal groups, as well as state activities. Evaluation of risk that is based on technical information, as well as on mutual relationships between various institutions and services, may result in very valuable situational awareness. The paper describes (in general) cyber risk analysis method which will be implemented in Polish National Cybersecurity Platform.

Trust and Risk Assessment Model of Popular Software Based on Known Vulnerabilities

International Journal of Electronics and Telecommunications, 2017

This paper presents a new concept of an approach to risk assessment which can be done on the basi... more This paper presents a new concept of an approach to risk assessment which can be done on the basis of publicly available information about vulnerabilities. The presented approach uses also the notion of trust and implements many concepts used in so called trust and reputation management systems (which are widely used in WSN, MANET or P2P networks, but also in ecommerce platforms). The article shows first outcomes obtained from the presented model. The outcomes demonstrate that the model can be implemented in real system to make software management more quantified and objective process, which can have real and beneficial impact on institutional security. In article, however the emphasis was set not on the model itself (which can be easily changed) but on the possibility of finding useful information about vulnerabilities.

Practical Extensions of Trust Management Credentials

Advances in Intelligent Systems and Computing, 2016

Trust management is a unified approach to access control in open distributed systems, where decis... more Trust management is a unified approach to access control in open distributed systems, where decisions connected with access control are based on policy statements made by many principals. The family of Role-based Trust management languages (RT) is an effective means for representing security policies, credentials and relationship in distributed, decentralized, large scale access control systems. It delivers a set of role assignment credentials and is used in systems where the identities of users are not the most important form of identification. A credential gives information about the privileges of users and the security policies issued by (usually more than one) trusted authorities. The main purpose of this article is to show how some credential extensions can make a trust management system more useful in practice. It shows how security systems can be made more realistic by maintaining the procedure or including timing information.

More Practical Application of Trust Management Credentials

Proceedings of the 2015 Federated Conference on Computer Science and Information Systems, 2015

Trust management is an approach to access control in distributed open systems, where access contr... more Trust management is an approach to access control in distributed open systems, where access control decisions are based on policy statements made by multiple principals. The family of Role-based Trust management languages (RT) is an effective means for representing security policies and credentials in decentralized, distributed, large scale access control systems. It provides a set of role assignment credentials. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main purpose of this paper is to show how extensions can make the RT family languages more useful in practice. It shows how security policies can be made more realistic by including timing information, maintaining the procedure or parameterizing the validity of credentials.

Time Validity in Role-Based Trust Management Inference System

Communications in Computer and Information Science, 2011

The topic of this paper is RT T , a language from the family of Role-based Trust management (RT) ... more The topic of this paper is RT T , a language from the family of Role-based Trust management (RT) languages, which is used for representing security policies and credentials in distributed large scale access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. RT languages combine trust management and Role Based Access Control features. RT T provides manifold roles to express threshold and separation of duties policies. A manifold role defines sets of entities whose cooperation satisfies the manifold role. The goal of this paper is introduction of time validity constraints to show how that can make RT T language more realistic. The core part of the paper describes a sound and complete inference system, in which credentials can be derived from an initial set of credentials using a set of inference rules.

Deriving RT T Credentials for Role-Based Trust Management

… Software Engineering Journal Selected full …, 2010

Role-based trust management languages define a formalism, which uses credentials to handle trust ... more Role-based trust management languages define a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main topic of this paper is RT T , a language which supports manifold roles and role-product operators to express threshold and separation of duties policies. The core part of the paper defines a relational, set-theoretic semantics for the language, and introduces a deductive system, in which credentials can be derived from an initial set of credentials using a set of inference rules. The soundness and the completeness of the deductive system with respect to the semantics of RT T is proved.

Czasowa ważność poświadczeń języka RT T

Studia Informatica, 2011

Język RTT należy do języków zarządzania zaufaniem z rodziny języków role-based trust management, ... more Język RTT należy do języków zarządzania zaufaniem z rodziny języków role-based trust management, który jest używany do reprezentowania polityk bezpieczeństwa oraz poświadczeń w rozproszonym upoważnianiu. Łączy on zalety kontroli dostępu, opartej na roli i systemów zarządzania zaufaniem. W artykule zaproponowano wprowadzenie ograniczeń czasowych ważności poświadczeń w języku RTT.

Praktyczne Zastosowanie Języków Zarządzania Zaufaniem

PRZEGLĄD TELEKOMUNIKACYJNY - WIADOMOŚCI TELEKOMUNIKACYJNE, 2015

Rozproszona kontrola dost�epu w praktyce

PRZEGLĄD ELEKTROTECHNICZNY, 2016

RTT+ – Time Validity Constraints in RT RTT Language, Journal of Telecommunications and Information Technology, 2012, nr 2

Most of the traditional access control models, like mandatory, discretionary and role based acces... more Most of the traditional access control models, like mandatory, discretionary and role based access control make authorization decisions based on the identity, or the role of the requester, who must be known to the resource owner. Thus, they may be suitable for centralized systems but not for decentralized environments, where the requester and service provider or resource owner are often unknown to each other. To overcome the shortcomings of traditional access control models, trust management models have been presented. The topic of this paper is three different semantics (set-theoretic, operational, and logic- programming) of RTT , language from the family of role-based trust management languages (RT). RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The set-theoretic semantics maps rol...

Methods to Recognition

Bioinformatics is a large group of methods used in biology, mostly for analysis of gene sequences... more Bioinformatics is a large group of methods used in biology, mostly for analysis of gene sequences. The algorithms developed for this task have recently found a new application in network threat detection. This paper is an introduction to this area of research, presenting a survey of bioinformatics methods applied to this task, outlining the individual tasks and methods used to solve them. It is argued that the early conclusion that such methods are ineffective against polymorphic attacks is in fact too pessimistic.

Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things

Sensors, 2021

The security of the Internet of Things (IoT) is a very important aspect of everyday life for peop... more The security of the Internet of Things (IoT) is a very important aspect of everyday life for people and industries, as well as hospitals, military, households and cities. Unfortunately, this topic is still too little researched and developed, which results in exposing users of Internet of Things to possible threats. One of the areas which should be addressed is the creation of a database of information about vulnerabilities and exploits in the Internet of Things; therefore, the goal of our activities under the VARIoT (Vulnerability and Attack Repository for IoT) project is to develop such a database and make it publicly available. The article presents the results of our research aimed at building this database, i.e., how the information about vulnerabilities is obtained, standardized, aggregated and correlated as well as the way of enhancing and selecting IoT related data. We have obtained and proved that existing databases provide various scopes of information and because of that a...

Time validity of credentials in RTT+ language

The topic of this paper is RTT, a language from the family of RT languages, which is used for rep... more The topic of this paper is RTT, a language from the family of RT languages, which is used for representing security policies and credentials in distributed access control systems. The goal of this paper is introduction of time validity constraints to show how that can make RTT language more realistic.

Przegląd i analiza źródeł informacji o poprawkach bezpieczeństwa

RTT+ - Time Validity Constraints in RTT Language

Journal of telecommunications and information technology, 2012

Most of the traditional access control models, like mandatory, discretionary and role based acces... more Most of the traditional access control models, like mandatory, discretionary and role based access control make authorization decisions based on the identity, or the role of the requester, who must be known to the resource owner. Thus, they may be suitable for centralized systems but not for decentralized environments, where the requester and service provider or resource owner are often unknown to each other. To overcome the shortcomings of traditional access control models, trust management models have been presented. The topic of this paper is three different semantics (set-theoretic, operational, and logic-programming) of RT RT RT T T T , language from the family of role-based trust management languages (RT). RT is used for representing security policies and credentials in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The set-theoretic semantics maps roles to a set of sets of entity names. Members of such a set must cooperate in order to satisfy the role. In the case of logic-programming semantics, the credentials are translated into a logic program. In the operational semantics the credentials can be established using a simple set of inference rules. It turns out to be fundamental mainly in large-scale distributed systems, where users have only partial view of their execution context. The core part of this paper is the introduction of time validity constraints to show how that can make RT RT RT T T T language more realistic. The new language, named RT RT RT T T T + + + takes time validity constraints into account. The semantics for RT RT RT T T T + + + language will also be shown. Inference system will be introduced not just for specific moment but also for time intervals. It will evaluate maximal time validity, when it is possible to derive the credential from the set of available credentials. The soundness and completeness of the inference systems with the time validity constraints with respect to the set-theoretic semantics of RT RT RT T T T + + + will be proven.

Industry and Standardization Aspects

Bezpieczna stacja robocza do przetwarzania danych o różnych klauzulach niejawności

Journal of Konbin, 2011

SpiderTrap—An Innovative Approach to Analyze Activity of Internet Bots on a Website

IEEE Access, 2020

The main idea behind creating SpiderTrap was to build a website that can track how Internet bots ... more The main idea behind creating SpiderTrap was to build a website that can track how Internet bots crawl it. To track bots, honeypot dynamically generates different types of the hyperlinks on the web pages leading from one article to another and logs information passed by web clients in HTTP requests when visiting these links. By analyzing the sequences of visited links and passed HTTP requests it is possible to: detect bots, reveal bots' crawling or scanning algorithms, and other characteristic features of the traffic they generate. In our research we focused on identifying and describing whole bots' operations rather than just classifying single HTTP requests. This novel approach has given us insight into what different types of Internet bots are looking for and how they work. This information can be used to optimize the websites for search engines' bots for a better place on a search's results page or prepare a set of rules for tools that filter traffic to the web pages to minimize the impact of bad and unwanted bots on the websites' availability and security. We present the results of the five months of SpiderTrap's activity when honeypot was accessible by two domains (.pl and.eu), as well as by an IP address. The results show examples of activity of well-known Internet bots, such as Googlebot or Bingbot, unknown crawlers, and scanners trying to exploit vulnerabilities in the most popular web frameworks or looking for active webshells (i.e. access points to control a web server left by other attackers).

Towards a Safer Internet of Things—A Survey of IoT Vulnerability Data Sources

Sensors, 2020

The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specif... more The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and softw...

Security analysis for authentication and authorisation in mobile phone

PRZEGLĄD ELEKTROTECHNICZNY, 2019

zawiera analizę bezpieczeństwa wykorzystania telefonu komórkowego jako istotnego elementu procesu... more zawiera analizę bezpieczeństwa wykorzystania telefonu komórkowego jako istotnego elementu procesu uwierzytelniania użytkownika w systemach teleinformatycznych (np. systemach SCADA). Analiza bezpieczeństwa obejmuje zarówno same metody uwierzytelniania jak i wykorzystanie telefonów komórkowych oraz sieci komórkowej w procesie uwierzytelniania. W podsumowaniu analizy bezpieczeństwa wskazujemy aplikację do generowania haseł jednorazowych jako rozwiązanie zarówno przyjazne dla użytkownika jak i bezpieczne. (Analiza bezpieczeństwa metod uwierzytelniania i autoryzacji z wykorzystaniem telefonu komórkowego).

A Novel Approach to National-level Cyber Risk Assessment Based on Vulnerability Management and Threat Intelligence

Journal of Telecommunications and Information Technology, 2019

Real-time assessment of IT-related risks, performed at the national level, is very important due ... more Real-time assessment of IT-related risks, performed at the national level, is very important due to the evolving nature of threats that may originate from individual hackers, organized cyber-criminal groups, as well as state activities. Evaluation of risk that is based on technical information, as well as on mutual relationships between various institutions and services, may result in very valuable situational awareness. The paper describes (in general) cyber risk analysis method which will be implemented in Polish National Cybersecurity Platform.

Trust and Risk Assessment Model of Popular Software Based on Known Vulnerabilities

International Journal of Electronics and Telecommunications, 2017

This paper presents a new concept of an approach to risk assessment which can be done on the basi... more This paper presents a new concept of an approach to risk assessment which can be done on the basis of publicly available information about vulnerabilities. The presented approach uses also the notion of trust and implements many concepts used in so called trust and reputation management systems (which are widely used in WSN, MANET or P2P networks, but also in ecommerce platforms). The article shows first outcomes obtained from the presented model. The outcomes demonstrate that the model can be implemented in real system to make software management more quantified and objective process, which can have real and beneficial impact on institutional security. In article, however the emphasis was set not on the model itself (which can be easily changed) but on the possibility of finding useful information about vulnerabilities.

Practical Extensions of Trust Management Credentials

Advances in Intelligent Systems and Computing, 2016

Trust management is a unified approach to access control in open distributed systems, where decis... more Trust management is a unified approach to access control in open distributed systems, where decisions connected with access control are based on policy statements made by many principals. The family of Role-based Trust management languages (RT) is an effective means for representing security policies, credentials and relationship in distributed, decentralized, large scale access control systems. It delivers a set of role assignment credentials and is used in systems where the identities of users are not the most important form of identification. A credential gives information about the privileges of users and the security policies issued by (usually more than one) trusted authorities. The main purpose of this article is to show how some credential extensions can make a trust management system more useful in practice. It shows how security systems can be made more realistic by maintaining the procedure or including timing information.

More Practical Application of Trust Management Credentials

Proceedings of the 2015 Federated Conference on Computer Science and Information Systems, 2015

Trust management is an approach to access control in distributed open systems, where access contr... more Trust management is an approach to access control in distributed open systems, where access control decisions are based on policy statements made by multiple principals. The family of Role-based Trust management languages (RT) is an effective means for representing security policies and credentials in decentralized, distributed, large scale access control systems. It provides a set of role assignment credentials. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main purpose of this paper is to show how extensions can make the RT family languages more useful in practice. It shows how security policies can be made more realistic by including timing information, maintaining the procedure or parameterizing the validity of credentials.

Time Validity in Role-Based Trust Management Inference System

Communications in Computer and Information Science, 2011

The topic of this paper is RT T , a language from the family of Role-based Trust management (RT) ... more The topic of this paper is RT T , a language from the family of Role-based Trust management (RT) languages, which is used for representing security policies and credentials in distributed large scale access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. RT languages combine trust management and Role Based Access Control features. RT T provides manifold roles to express threshold and separation of duties policies. A manifold role defines sets of entities whose cooperation satisfies the manifold role. The goal of this paper is introduction of time validity constraints to show how that can make RT T language more realistic. The core part of the paper describes a sound and complete inference system, in which credentials can be derived from an initial set of credentials using a set of inference rules.