Article
DOI: 10.1145/1005140.1005143

Policy migration for sensitive credentials in trust negotiation

Published: 30 October 2003

Abstract

Trust negotiation is an approach to establishing trust between strangers through the bilateral, iterative disclosure of digital credentials. Under automated trust negotiation, access control policies are associated with sensitive credentials to control under what circumstances those credentials can be disclosed. Ideally, the information in a user's sensitive credential should not be known by others unless the corresponding policy is satisfied. However, the original model for user interaction in trust negotiation has pitfalls which can be easily exploited to infer one's private information, even if access control policies are strictly enforced. To preserve one's privacy, a more flexible interaction model for trust negotiation is required. On the other hand, it is also desirable for two parties to be able to establish trust whenever possible. There is potentially a conflict between privacy preservation and the assurance of a successful trust negotiation. In this paper, we identify the situation where sensitive information can be inferred through observing one's behavior in trust negotiation. Then we propose policy migration as one approach to preventing such inference. Compared to previously proposed approaches, policy migration has a low management overhead, and provides a nice balance between inference prevention and guarantees of success in trust establishment. We also discuss the limitations of policy migration, and possible directions for more comprehensive solutions.
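The pitfall the abstract refers to is easiest to see in a small simulation. The following Python model is an added illustration, not code from the paper: two responders, one holding a sensitive credential and one not, are probed by a requester under two interaction models. In the "original" model a holder answers a request by disclosing the credential's policy while a non-holder reports that it has no such credential, so the shape of the reply alone reveals possession before any policy is satisfied. In the "migrated" model (a deliberate simplification of the paper's idea, assumed here, not taken from the paper) the sensitive credential's requirements are folded into the policy of the resource the requester is after anyway, and holders and non-holders answer identically until that migrated policy is met. The party names, credential names (`hiv_status`, `doctor_cert`, `member_card`, `service`) and the assumption that a sensitive credential type has a policy fixed per type are all constructed for the example.

```python
"""Toy model of the possession-inference pitfall in automated trust negotiation,
and of a policy-migration style mitigation. Added illustration; this is not code
from the paper. All parties, credential names and policies are constructed."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set, Tuple

# Assumption: a possession-sensitive credential type has a disclosure policy that is
# fixed per type, so a party that does NOT hold it can still behave as a holder would.
SENSITIVE_POLICY: Dict[str, FrozenSet[str]] = {"hiv_status": frozenset({"doctor_cert"})}

Reply = Tuple[str, FrozenSet[str]]  # (kind, counter-credentials the other side must show)


@dataclass
class Party:
    name: str
    credentials: Set[str]
    # resource/credential -> counter-credentials required before it is disclosed
    policies: Dict[str, FrozenSet[str]] = field(default_factory=dict)

    def policy_for(self, item: str) -> FrozenSet[str]:
        return SENSITIVE_POLICY.get(item, self.policies.get(item, frozenset()))


# ---- original interaction model: the reply depends on possession ---------------
def reply_original(p: Party, requested: str) -> Reply:
    """A holder discloses the credential's policy; a non-holder says it has none."""
    if requested in p.credentials:
        return ("policy", p.policy_for(requested))
    return ("unavailable", frozenset())


# ---- migrated model: the reply to a probe never depends on possession ----------
def migrated_policy(p: Party, resource: str, sensitive: str) -> FrozenSet[str]:
    """Fold the sensitive credential's requirements into the policy of the resource
    the requester is after anyway (assumed mechanism, simplified)."""
    return p.policy_for(resource) | SENSITIVE_POLICY[sensitive]


def reply_migrated(p: Party, requested: str, resource: str) -> Reply:
    """Holders and non-holders answer identically: 'satisfy the migrated policy first'."""
    if requested in SENSITIVE_POLICY:
        return ("deferred", migrated_policy(p, resource, requested))
    return reply_original(p, requested)


def distinguishable(model: str, holder: Party, nonholder: Party, probe: str, resource: str) -> bool:
    """Can a requester tell holder from non-holder before presenting anything itself?"""
    if model == "original":
        return reply_original(holder, probe) != reply_original(nonholder, probe)
    return reply_migrated(holder, probe, resource) != reply_migrated(nonholder, probe, resource)


def negotiate(model: str, responder: Party, requester: Party, resource: str, probe: str) -> dict:
    """Requester asks responder for `resource` and probes for `probe`. Report whether the
    negotiation succeeds, whether possession of `probe` became known to the requester,
    and whether the requester actually satisfied `probe`'s own disclosure policy."""
    probe_ok = SENSITIVE_POLICY[probe] <= requester.credentials
    if model == "original":
        success = responder.policy_for(resource) <= requester.credentials
        # The shape of reply_original() alone tells the requester whether `probe` is held.
        return {"success": success, "possession_learned": True, "probe_policy_satisfied": probe_ok}
    success = migrated_policy(responder, resource, probe) <= requester.credentials
    # Possession is revealed only once the migrated policy (which includes probe's) is met.
    return {"success": success, "possession_learned": success, "probe_policy_satisfied": probe_ok}


def leaks(result: dict) -> bool:
    """Privacy violation: possession learned although the probe's policy was never satisfied."""
    return result["possession_learned"] and not result["probe_policy_satisfied"]


if __name__ == "__main__":
    service = {"service": frozenset({"member_card"})}
    alice = Party("alice", {"member_card", "hiv_status"}, dict(service))  # holder
    carol = Party("carol", {"member_card"}, dict(service))                # non-holder
    bob = Party("bob", {"member_card"})                                   # lacks doctor_cert
    dana = Party("dana", {"member_card", "doctor_cert"})
    for model in ("original", "migrated"):
        print(model, "distinguishable:", distinguishable(model, alice, carol, "hiv_status", "service"))
        for resp in (alice, carol):
            for req in (bob, dana):
                r = negotiate(model, resp, req, "service", "hiv_status")
                print(f"  {req.name}->{resp.name}: success={r['success']} leak={leaks(r)}")
```

The run also shows the trade-off the abstract mentions: under the migrated model the non-holder Carol, who had nothing to hide, now fails to negotiate with Bob because the migrated policy demands a `doctor_cert` he does not have, whereas under the original model that negotiation succeeded. Privacy for the holder is bought with lost success for everyone who must behave like one.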


Published In

WPES '03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society
October 2003, 135 pages
ISBN: 1581137761
DOI: 10.1145/1005140

Publisher

Association for Computing Machinery, New York, NY, United States


      Author Tags

      1. policy migration
      2. trust negotiation

Conference

CCS03
Overall Acceptance Rate: 106 of 355 submissions, 30%
