Abstract
Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible---that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.
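The following is an added illustration, not code from the paper or from TrustBuilder, of the mechanism the abstract describes: each party holds black-box propositional credentials, each guarded by an access control policy stating which of the other party's credentials must already have been disclosed, and a strategy decides what to send on each turn. Two constructed strategies are compared on a constructed buyer/merchant scenario: an "eager" one that releases every unlocked credential immediately, and a "relevant" one that releases only credentials the peer has asked for and otherwise reveals policies (so it presumes policies are not themselves sensitive). The credential names, the scenario, and both strategies are assumptions made for this example; the paper's own interoperable strategy families are not reproduced here.

```python
"""Toy automated trust negotiation with black-box (propositional) credentials.

Constructed illustration, not TrustBuilder or any code from the paper. A policy
is in DNF: a list of clauses, each a frozenset of credential names, satisfied
once the peer has disclosed every credential of some clause. An empty clause
means the credential (or resource) is freely disclosable.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable

Policy = list[frozenset[str]]


def satisfied(policy: Policy, received: set[str]) -> bool:
    return any(clause <= received for clause in policy)


@dataclass
class Party:
    name: str
    creds: dict[str, Policy]                           # own credential -> policy guarding its release
    disclosed: set[str] = field(default_factory=set)   # own credentials already sent to the peer
    received: set[str] = field(default_factory=set)    # peer credentials seen so far
    peer_policies: dict[str, Policy] = field(default_factory=dict)  # policies the peer has shown

    def unlocked(self) -> set[str]:
        """Own credentials whose policies the peer's disclosures already satisfy."""
        return {c for c, p in self.creds.items() if satisfied(p, self.received)}


Strategy = Callable[[Party], tuple[set[str], dict[str, Policy]]]


def eager(party: Party) -> tuple[set[str], dict[str, Policy]]:
    """Release every unlocked credential at once and never reveal policies:
    short negotiations, but extraneous credentials leak."""
    return party.unlocked() - party.disclosed, {}


def relevant(party: Party) -> tuple[set[str], dict[str, Policy]]:
    """Release only credentials the peer has asked for (named in a policy it has
    shown); for locked ones, reveal their policies instead. Hypothetical strategy:
    it needs non-sensitive policies and a peer that talks policies back."""
    wanted = {c for pol in party.peer_policies.values() for clause in pol for c in clause}
    relevant_creds = wanted & set(party.creds)
    unlocked = party.unlocked()
    to_send = (relevant_creds & unlocked) - party.disclosed
    return to_send, {c: party.creds[c] for c in relevant_creds - unlocked}


def negotiate(client: Party, server: Party, resource_policy: Policy,
              strategies: dict[str, Strategy]) -> tuple[bool, list]:
    """Alternate turns until the resource policy is satisfied by the client's
    disclosures, or both sides in a row have nothing new to send (failure)."""
    # The server opens by revealing the resource's policy (assumed non-sensitive here).
    client.peer_policies["resource"] = resource_policy
    transcript = [(server.name, set(), {"resource": resource_policy})]
    sender, receiver = client, server
    idle_turns = 0
    while not satisfied(resource_policy, server.received):
        creds, policies = strategies[sender.name](sender)
        new_policies = {c: p for c, p in policies.items() if c not in receiver.peer_policies}
        if not creds and not new_policies:
            idle_turns += 1
            if idle_turns == 2:
                return False, transcript
        else:
            idle_turns = 0
            sender.disclosed |= creds
            receiver.received |= creds
            receiver.peer_policies.update(new_policies)
            transcript.append((sender.name, creds, new_policies))
        sender, receiver = receiver, sender
    return True, transcript


def run(client_strategy: Strategy, server_strategy: Strategy):
    """Constructed scenario: a buyer wants to purchase from a merchant. The merchant
    requires a credit card; the buyer shows its card only to a BBB-accredited
    merchant; the merchant shows BBB accreditation only to an identified company."""
    free: Policy = [frozenset()]
    client = Party("client", {
        "C.company_id": free,
        "C.credit_card": [frozenset({"S.bbb_member"})],
        "C.loyalty_card": free,              # never needed: extraneous if disclosed
    })
    server = Party("server", {
        "S.bbb_member": [frozenset({"C.company_id"})],
        "S.tax_id": free,                    # never needed either
    })
    ok, transcript = negotiate(client, server, [frozenset({"C.credit_card"})],
                               {"client": client_strategy, "server": server_strategy})
    return ok, client.disclosed, server.disclosed, len(transcript)


if __name__ == "__main__":
    for cs, ss in [(eager, eager), (relevant, relevant), (eager, relevant), (relevant, eager)]:
        ok, cd, sd, n = run(cs, ss)
        print(f"{cs.__name__:8}/{ss.__name__:8} success={ok!s:5} messages={n} "
              f"client disclosed={sorted(cd)} server disclosed={sorted(sd)}")
```

Running the four pairings shows the trade-offs and the interoperation problem the abstract raises. Eager against eager succeeds in four messages but leaks the loyalty card and tax id, which no policy ever asked for; relevant against relevant succeeds with only the needed credentials but takes six messages. The two mixed pairings fail in this scenario even though success is possible, because the relevant side waits for policies the eager side never reveals: the strategies do not interoperate, which is exactly the property the paper's strategy families are designed to guarantee.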
Index Terms
- Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation