
Safety in automated trust negotiation

Published: 01 August 2006

Abstract

Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called “safe” in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as “what needs to be protected in ATN?” and “what are the security requirements?” are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.



Published In

ACM Transactions on Information and System Security, Volume 9, Issue 3
August 2006
156 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1178618

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published in TISSEC Volume 9, Issue 3


Author Tags

  1. Access control
  2. attribute-based access control
  3. automated trust negotiation
  4. credentials
  5. safety
  6. strategy
