Safety in automated trust negotiation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Safety in automated trust negotiation

Full text

Pdf (383 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 9 , Issue 3 (August 2006) table of contents

Pages: 352 - 390

Year of Publication: 2006

ISSN:1094-9224

Authors

William H. Winsborough	University of Texas at San Antonio, San Antonio, TX
Ninghui Li	Purdue University, West Lafayette, IN

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 13, Downloads (12 Months): 146, Citation Count: 6

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1178618.1178623 What is a DOI?

ABSTRACT

Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called “safe” in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as “what needs to be protected in ATN?” and “what are the security requirements?” are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	2	Piero Bonatti , Pierangela Samarati, Regulating service access and information release on the Web, Proceedings of the 7th ACM conference on Computer and communications security, p.134-143, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352620]
	3	Piero A. Bonatti , Sarit Kraus , V. s. Subrahmanian, Foundations of Secure Deductive Databases, IEEE Transactions on Knowledge and Data Engineering, v.7 n.3, p.406-422, June 1995 [doi>10.1109/69.390247]
	4	Inference Control in Statistical Databases, From Theory to Practice, January 2002
	5	Goguen, J. and Meseguer, J. 1982. Security policies and security models. In Proceedings of the 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Piscataway, New Jersey. 11--20.
	6	Oded Goldreich, Foundations of Cryptography: Basic Tools, Cambridge University Press, New York, NY, 2000
	7	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	8	Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K. E., and Smith, B. 2002. Advanced client/server authentication in TLS. In Network and Distributed System Security Symposium. 203--214.
	9	Jason E. Holt , Robert W. Bradshaw , Kent E. Seamons , Hilarie Orman, Hidden Credentials, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC [doi>10.1145/1005140.1005142]
	10	Jiangtao Li , Ninghui Li , William H. Winsborough, Automated trust negotiation using cryptographic credentials, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102129]
	11	Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
	12	Ninghui Li , Wenliang Du , Dan Boneh, Oblivious signature-based envelope, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.182-189, July 13-16, 2003, Boston, Massachusetts [doi>10.1145/872035.872061]
	13	Ninghui Li , Benjamin N. Grosof , Joan Feigenbaum, Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.128-171, February 2003 [doi>10.1145/605434.605438]
	14	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
	15	R. L. Rivest , A. Shamir , L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, v.21 n.2, p.120-126, Feb. 1978 [doi>10.1145/359340.359342]
	16	Seamons, K. E., Winslett, M., and Yu, T. 2001. Limiting the disclosure of access control policies during automated trust negotiation. In Proceedings of the Symposium on Network and Distributed System Security (NDSS'01).
	17	Seamons, K. E., Winslett, M., Yu, T., Yu, L., and Jarvis, R. 2002. Protecting privacy during on-line trust negotiation. In 2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag, New York.
	18	Jessica Staddon, Dynamic inference control, Proceedings of the 8th ACM SIGMOD workshop on Research issues in data mining and knowledge discovery, June 13-13, 2003, San Diego, California [doi>10.1145/882082.882103]
	19	Sutherland, D. 1986. A model of information. In Proceedings of the 9th National Computer Security Conference. 175--183.
	20	Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, Cardinality-based inference control in data cubes, Journal of Computer Security, v.12 n.5, p.655-692, September 2004
	21	William H. Winsborough , Ninghui Li, Protecting sensitive attributes in automated trust negotiation, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.41-51, November 21-21, 2002, Washington, DC [doi>10.1145/644527.644532]
	22	N. Li , W. Winsborough, Towards Practical Automated Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.92, June 05-07, 2002
	23	Winsborough, W. H., Seamons, K. E., and Jones, V. E. 2000. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition. Vol. I. IEEE Press, Piscataway, New Jersey. 88--102.
	24	Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002 [doi>10.1109/MIC.2002.1067734]
	25	Ting Yu , Marianne Winslett, Policy migration for sensitive credentials in trust negotiation, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC [doi>10.1145/1005140.1005143]
	26	Ting Yu , Marianne Winslett, A Unified Scheme for Resource Protection in Automated Trust Negotiation, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.110, May 11-14, 2003
	27	Ting Yu , Xiaosong Ma , Marianne Winslett, PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet, Proceedings of the 7th ACM conference on Computer and communications security, p.210-219, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352633]
	28	Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003 [doi>10.1145/605434.605435]

CITED BY 6

	Isaac Agudo , Javier Lopez , Jose A. Montenegro, Enabling attribute delegation in ubiquitous environments, Mobile Networks and Applications, v.13 n.3, p.398-410, August 2008
	Anna C. Squicciarini , Alberto Trombetta , Elisa Bertino , Stefano Braghin, Identity-based long running negotiations, Proceedings of the 4th ACM workshop on Digital identity management, October 31-31, 2008, Alexandria, Virginia, USA
	Adam J. Lee , Marianne Winslett, Enforcing Safety and Consistency Constraints in Policy-Based Authorization Systems, ACM Transactions on Information and System Security (TISSEC), v.12 n.2, p.1-33, December 2008
	Hristo Koshutanski , Fabio Massacci, Interactive access control for autonomic systems: From theory to implementation, ACM Transactions on Autonomous and Adaptive Systems (TAAS), v.3 n.3, p.1-31, August 2008
	Isaac Agudo , Javier Lopez , Jose A. Montenegro, Attribute delegation in ubiquitous environments, Proceedings of the 3rd international conference on Mobile multimedia communications, August 27-29, 2007, Nafpaktos, Greece
	Sabrina De Capitani di Vimercati , Sara Foresti , Sushil Jajodia , Stefano Paraboschi , Gerardo Pelosi , Pierangela Samarati, Preserving confidentiality of security policies in data outsourcing, Proceedings of the 7th ACM workshop on Privacy in the electronic society, October 27-27, 2008, Alexandria, Virginia, USA