Abstract
The compliance checker is an important component of automated trust negotiation (ATN): it examines whether credentials match the access control policies. A well-designed compliance checker speeds up trust establishment between parties during negotiation and can also improve negotiation efficiency. Unfortunately, the design and implementation of compliance checkers have received little attention; more work has instead been spent on algorithms for protecting sensitive information. This paper presents an RT0-based compliance checker (RBCC) model for ATN. We give its architecture and workflow, and illustrate how it works through a practical example. The case study shows that the model satisfies a compliance checker's basic requirements and provides a good information feedback mechanism to protect sensitive information.
The paper is supported by the National Natural Science Foundation of China under grant No. 90412010.
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Liao, Z., Jin, H. (2007). A RT0-Based Compliance Checker Model for Automated Trust Negotiation. In: Yang, C.C., et al. Intelligence and Security Informatics. PAISI 2007. Lecture Notes in Computer Science, vol 4430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71549-8_11
DOI: https://doi.org/10.1007/978-3-540-71549-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71548-1
Online ISBN: 978-3-540-71549-8
eBook Packages: Computer Science, Computer Science (R0)