
Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Published: 01 February 2003

Abstract

Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions online, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible, that is, that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively, are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.



        Reviews

        Caroline Merriam Eastman

        Most interactions on the Internet require at least a minimal level of trust. If you buy something, you want to receive it. If you sell something, you want to get paid for it. If you give out information, you want the release of that information to be authorized. If you get information, you want it to be correct. This paper describes an approach to handling this trust problem that uses the exchange of digital certificates as part of a process of automated trust negotiation. Negotiation is needed to make sure that digital credentials, like conventional paper credentials, are revealed only when necessary and appropriate. The research described here is part of the TrustBuilder research project, which involves both theoretical research, and experimental implementation.

        Trust negotiation involves both a protocol that defines the format of messages exchanged, and a strategy for determining the actual content of these messages. If trust is to be negotiated, a procedure for this negotiation in the form of a protocol is necessary. It is extremely unlikely (and probably not even desirable), however, for a standard strategy for trust negotiation to be established, since appropriate strategies may vary with user and context. Nevertheless, it is desirable that the two parties involved not have to first agree on a negotiation protocol before actually doing any negotiation on credentials. If both parties to a negotiation are using compatible interoperable strategies, the negotiation can proceed even if the strategies differ.

        The focus of this paper is on the identification of families of interoperable strategies for trust negotiation; any two members of such a family use the same protocol, and are guaranteed to be compatible. Two large families of interoperable strategies are identified and analyzed in detail. The simpler disclosure tree strategy (DTS) family assumes propositional credentials; the binding tree strategy (BTS) family allows credentials with internal structure. Examples of realistic strategies within these two families are given. The paper focuses on the theoretical component of the TrustBuilder program, and is thus highly mathematical. It is well written, however, and presents concepts essential for those working in this area.

        Online Computing Reviews Service


        Published In

        ACM Transactions on Information and System Security  Volume 6, Issue 1
        February 2003
        171 pages
        ISSN: 1094-9224
        EISSN: 1557-7406
        DOI: 10.1145/605434

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. Automated trust negotiation
        2. access control
        3. digital credentials
        4. interoperable strategies


        Cited By

        • (2024) Revisiting Trust Management in the Data Economy: A Road Map. IEEE Internet Computing 28:4 (21-29). DOI: 10.1109/MIC.2024.3398403. Online publication date: 1-Jul-2024
        • (2023) Credential-Based Access Control. Encyclopedia of Cryptography, Security and Privacy (1-3). DOI: 10.1007/978-3-642-27739-9_898-2. Online publication date: 29-Jul-2023
        • (2023) Trust Management. Encyclopedia of Cryptography, Security and Privacy (1-4). DOI: 10.1007/978-3-642-27739-9_832-2. Online publication date: 21-Jul-2023
        • (2022) Toward Architectural and Protocol-Level Foundation for End-to-End Trustworthiness in Cloud/Fog Computing. IEEE Transactions on Big Data 8:1 (35-47). DOI: 10.1109/TBDATA.2017.2705418. Online publication date: 1-Feb-2022
        • (2022) A Construction for General and Efficient Oblivious Commitment Based Envelope Protocols. Information and Communications Security (122-138). DOI: 10.1007/11935308_10. Online publication date: 10-Mar-2022
        • (2021) Privacy-preserving policy evaluation in multi-party access control. Journal of Computer Security 29:6 (613-650). DOI: 10.3233/JCS-200007. Online publication date: 1-Jan-2021
        • (2019) Privacy-Preserving Multi-Party Access Control. Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society (1-13). DOI: 10.1145/3338498.3358643. Online publication date: 11-Nov-2019
        • (2019) A glimpse of Semantic Web trust. SN Applied Sciences 1:12. DOI: 10.1007/s42452-019-1598-6. Online publication date: 30-Nov-2019
        • (2019) Trust Management Systems: a Retrospective Study on Digital Trust. Cyber‐Vigilance and Digital Trust (51-103). DOI: 10.1002/9781119618393.ch2. Online publication date: 24-Apr-2019
        • (2017) Impact of social influence on trust management within communities of agents. Web Intelligence 15:3 (251-268). DOI: 10.3233/WEB-170361. Online publication date: 11-Aug-2017
