ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
PP-trust-X: A system for privacy preserving trust negotiations
Full text PdfPdf (1.05 MB)
Source
ACM Transactions on Information and System Security (TISSEC) archive
Volume 10 ,  Issue 3  (July 2007) table of contents
Article No. 12  
Year of Publication: 2007
ISSN:1094-9224
Authors
A. Squicciarini  Purdue University, West Lafayette, IN
E. Bertino  Purdue University, West Lafayette, IN
Elena Ferrari  Universita' degli Studi dell'Insubria, Varese
F. Paci  Universita' degli Studi di Milano, Milano
B. Thuraisingham  The University of Texas at Dallas, Dallas, Texas
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 21,   Downloads (12 Months): 208,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1266977.1266981
What is a DOI?

ABSTRACT

Trust negotiation is a promising approach for establishing trust in open systems, in which sensitive interactions may often occur between entities with no prior knowledge of each other. Although, to date several trust negotiation systems have been proposed, none of them fully address the problem of privacy preservation. Today, privacy is one of the major concerns of users when exchanging information through the Web and thus we believe that trust negotiation systems must effectively address privacy issues in order to be widely applicable. For these reasons, in this paper, we investigate privacy in the context of trust negotiations. We propose a set of privacy-preserving features for inclusion in any trust negotiation system, such as the support for the P3P standard, as well as a number of innovative features, such as a novel format for encoding digital credentials specifically designed for preserving privacy. Further, we present a variety of interoperable strategies to carry on the negotiation with the aim of improving both privacy and efficiency.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y. 2003. Implementing P3P using database technology. 19th International Conference on Data Engineering. Bangalore, India.
 
2
E. Bertino , E. Ferrari , A. Squicciarini, X -TNL: An XML-based Language for Trust Negotiations, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p.81, June 04-06, 2003
 
3
Bertino, E., Ferrari, E., and Squicciarini, A. 2004a. Privacy preserving trust negotiations. 4th International Workshop on Privacy Enhancing Technologies. Toronto, Canada.
 
4
Trust-X: A Peer-to-Peer Framework for Trust Establishment, IEEE Transactions on Knowledge and Data Engineering, v.16 n.7, p.827-842, July 2004  [doi>10.1109/TKDE.2004.1318565]
5
Piero Bonatti , Pierangela Samarati, Regulating service access and information release on the Web, Proceedings of the 7th ACM conference on Computer and communications security, p.134-143, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352620]
6
Robert W. Bradshaw , Jason E. Holt , Kent E. Seamons, Concealing complex policies with hidden credentials, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030104]
 
7
Stefan A. Brands, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy, MIT Press, Cambridge, MA, 2000
8
Jan Camenisch , Els Van Herreweghen, Design and implementation of the idemix anonymous credential system, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586114]
9
David Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM, v.28 n.10, p.1030-1044, Oct. 1985  [doi>10.1145/4372.4373]
 
10
Clark, J. 1999. XSL transformations (XSLT). version 1.0 W3C recommendation. Available at: http://www.w3.org/TR/xslt.
 
11
Cranor, L., Langherinrigh, M., and Marchiori, M. 2002. A P3P preference exchange language 1.0 (APPEL1.0). W3C Working Draft.
 
12
Cranor, L., Langherinrigh, M., Marchiori, M., Presler-Marsall, M., and Reagle, J. 2003. P3P- the platform for privacy preferences, version 1.1. Available at: http://www.w3.org/P3P/1.1/.
 
13
Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
 
14
Housley, R., Polk, W., Ford, W., and So, D. 2002. Internet X.509 public key infrastructure certificate and certificate revocation List (crl) profile. RFC 3280.
 
15
IBM. IBM Tivoli privacy wizard. Available at: www.tivoli.resource_center/maximize/privacy/wizard_code.html.
 
16
Jarvis, R. 2003. Selective disclosure of credential content during trust negotiation. Master of Science Thesis, Brigham Young University, Provo, UT.
 
17
JRC. 2002. JRC P3P resource centre. Available at: http://p3p.jrc.it.
18
Adam J. Lee , Marianne Winslett , Jim Basney , Von Welch, Traust: a trust negotiation-based authorization service for open systems, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA  [doi>10.1145/1133058.1133066]
 
19
Li, N., Du, W., and Boneh, D. 2003. Oblivious signature-based envelope.
 
20
Microsoft. 2004. Infocard project. Available at http://msdn.microsoft.com/winfx/reference/infocard/default.aspx.
 
21
Moni Naor, Bit Commitment Using Pseudo-Randomness, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.128-136, August 20-24, 1989
22
Pino Persiano , Ivan Visconti, User privacy issues regarding certificates and the TLS protocol: the design and implementation of the SPSL protocol, Proceedings of the 7th ACM conference on Computer and communications security, p.53-62, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352609]
 
23
Seamons, K. E., Winslett, M., and Yu, T. 2001. Limiting the disclosure of Access Control Policies during automated trust negotiation. Network and Distributed System Security Simposium. San Diego, CA.
 
24
Seamons, K. E., Winslett, M., and Yu, T. 2002. Protecting privacy during on line trust negotiation. 2nd Workshop on Privacy Enhancing Technologies. San Francisco, CA.
 
25
Westin, A. F. 1967. Privacy and freedom. Atheneum, New York.
 
26
N. Li , W. Winsborough, Towards Practical Automated Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.92, June 05-07, 2002
27
William H. Winsborough , Ninghui Li, Protecting sensitive attributes in automated trust negotiation, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.41-51, November 21-21, 2002, Washington, DC  [doi>10.1145/644527.644532]
 
28
Winsborough, W. H., Seamons, K. E., and Jones, V. 2000. Automated trust negotiation. DARPA Information Survivability Conference and Exposition, Vol. I, 88--102.
 
29
Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002  [doi>10.1109/MIC.2002.1067734]
 
30
World Wide Web Consortium. References for P3P implementation. Available at: http://www.w3org/P3P/implementations.
 
31
World Wide Web Consortium. Uniform resource identifiers, naming and addressing: URIs, URLs, … Available at http://www.w3.org/addressing.
 
32
Ting Yu , Marianne Winslett, A Unified Scheme for Resource Protection in Automated Trust Negotiation, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.110, May 11-14, 2003
33
Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003  [doi>10.1145/605434.605435]

CITED BY
Gerardo Canfora , Elisa Costante , Igino Pennino , Corrado Aaron Visaggio, A three-layered model to implement data privacy policies, Computer Standards & Interfaces, v.30 n.6, p.398-409, August, 2008

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Information flow controls; Access controls


General Terms:
Algorithms, Design, Security


Keywords:
Access control, attribute-based access control, automated trust negotiation, credentials, privacy, strategy

Collaborative Colleagues:
A. Squicciarini: colleagues
E. Bertino: colleagues
Elena Ferrari: colleagues
F. Paci: colleagues
B. Thuraisingham: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player