HiTrust: building cross-organizational trust relationship based on a hybrid negotiation tree

Telecommunication Systems

Abstract

In a pervasive computing environment, the need to establish trust among distributed services has attracted increasing attention from both industry and academia. As a widely adopted way to carry a principal's identity and attributes across different organizations, credential-based trust establishment has become popular over the Internet. In this paper, we propose a modeling approach based on a hybrid negotiation tree, named HiTrust, to build cross-organizational trust relationships. HiTrust is used to characterize the gradual interaction states during trust establishment between principals from different security organizations. Compared with the original disclosure tree model, the hybrid tree model in HiTrust can embed both policies and credential sets in a tree node, and is able to describe fine-grained security policies with attributes or negotiation context information. This property gives HiTrust the capability to describe complex trust establishment requirements, and makes it more efficient to search for the desired tree node. Furthermore, to enhance the usability and efficiency of the negotiation service, we propose a session state maintenance mechanism based on a policy stack, and an asynchronous trust chain propagation mechanism. We have implemented the HiTrust prototype system and experimentally verified that HiTrust is effective and scalable.

Author information

Corresponding author

Correspondence to Jianxin Li.

About this article

Cite this article

Li, J., Liu, X., Liu, L. et al. HiTrust: building cross-organizational trust relationship based on a hybrid negotiation tree. Telecommun Syst 52, 1353–1365 (2013). https://doi.org/10.1007/s11235-011-9648-4

  • DOI: https://doi.org/10.1007/s11235-011-9648-4
