
A New Approach to Hide Policy for Automated Trust Negotiation

  • Hai Jin
  • Zhensong Liao
  • Deqing Zou
  • Weizhong Qiang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4266)

Abstract

Automated trust negotiation (ATN) is an important approach to establishing trust between strangers through the exchange of credentials and access control policies. In practice, an access control policy may contain sensitive information. The negotiation process becomes complicated when the access control policy is made complex in order to avoid information leakage. Furthermore, if the access control policy has conflicts or cycles, normal negotiation strategies often fail. In this paper, a new approach to hiding access control policy is proposed, based on a study of the existing problems. In this approach, policy consistency is checked in order to detect policy conflicts. A 0-1 table is used to implement it as well as to discover the minimal credential-set. A practical example shows that the approach is suitable and can effectively protect sensitive information in access control policy.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hai Jin (1)
  • Zhensong Liao (1)
  • Deqing Zou (1)
  • Weizhong Qiang (1)
  1. Cluster and Grid Computing Lab, Huazhong University of Science and Technology, Wuhan, China
