DOI: 10.1145/1966913.1966973
short-paper

Receipt-mode trust negotiation: efficient authorization through outsourced interactions

Published: 22 March 2011

Abstract

In trust negotiation approaches to authorization, previously unacquainted entities establish trust in one another gradually via the bilateral and iterative exchange of policies and digital credentials. Although this affords resource providers an expressive means of access control for open systems, the trust negotiation process incurs non-trivial computational and communications costs. In this paper, we propose Receipt-Mode Trust Negotiation (RMTN) as a means of mitigating the performance penalties on servers that use trust negotiation. RMTN provides a means of off-loading the majority of the trust negotiation process to delegated receipt-generating helper servers. RMTN ensures that helpers produce correct trust negotiation protocol receipts, and that the helpers are incapable of impersonating the resource server outside of the RMTN protocol. We describe an initial implementation of our RMTN protocol on a Linux testbed, discuss the security of this protocol, and present experimental results indicating that the receipt-mode protocol does indeed enhance the performance of resource servers that rely on trust negotiation approaches to authorization.

Cited By

  • (2017) Cloud-Based Utility Service Framework for Trust Negotiations Using Federated Identity Management. IEEE Transactions on Cloud Computing, 5:2 (290-302). DOI: 10.1109/TCC.2015.2404816. Online publication date: 1-Apr-2017
  • (2015) Multi-tenancy authorization models for collaborative cloud services. Concurrency and Computation: Practice & Experience, 27:11 (2851-2868). DOI: 10.1002/cpe.3446. Online publication date: 10-Aug-2015
  • (2013) Multi-tenancy authorization models for collaborative cloud services. 2013 International Conference on Collaboration Technologies and Systems (CTS) (132-138). DOI: 10.1109/CTS.2013.6567218. Online publication date: May-2013

Published In

ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
March 2011
527 pages
ISBN: 9781450305648
DOI: 10.1145/1966913
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. load balancing
  2. optimization
  3. security
  4. trust negotiation

Qualifiers

  • Short-paper

Conference

ASIA CCS '11
Acceptance Rates

ASIACCS '11 Paper Acceptance Rate 35 of 217 submissions, 16%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%
