Skip to main content

Model Checking of Qualitative Sensitivity Preferences to Minimize Credential Disclosure

  • Conference paper
Formal Aspects of Component Software (FACS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7684))

Included in the following conference series:


In most client-server interactions over the Web, the server requires the client to disclose certain credentials before providing the client with the requested service (server policy). The client, on the other hand, wants to minimize the sensitivity of the set of credentials disclosed (client preference). We present a qualitative preference formalism based on conditional importance networks (CI-nets) for representing and reasoning with client preferences over the relative sensitivity of sets of credentials. The semantics of CI-net preferences is described using a preference graph over the set of credentials for which the preferences are expressed. We develop a model checking-based approach for analyzing the preference graph, efficiently verifying whether one set of credentials is more sensitive than another (dominance testing). Further, we identify the least (minimum) sensitive set of information that may be disclosed by the client to get access to the desired service. We present a technique based on iterative verification and refinement of the preference graph for computing a sequence of credential sets, ensuring that a credential set with higher sensitivity is never returned before one with lower sensitivity. We present a prototype implementation and preliminary simulation results.

This work is supported in part by U.S. National Science Foundation grants CCF0702758 and CCF1143734.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others


  1. Ardagna, C.A., De Capitani di Vimercati, S., Foresti, S., Neven, G., Paraboschi, S., Preiss, F.-S., Samarati, P., Verdicchio, M.: Fine-Grained Disclosure of Access Policies. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 16–30. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  2. Bouveret, S., Endriss, U., Lang, J.: Conditional importance networks: A graphical language for representing ordinal, monotonic preferences over sets of goods. In: Boutilier, C. (ed.) IJCAI, pp. 67–72 (2009)

    Google Scholar 

  3. Brafman, R.I., Domshlak, C., Shimony, S.E.: On graphical modeling of preference and importance. J. Artif. Intell. Res. (JAIR) 25, 389–424 (2006)

    MathSciNet  MATH  Google Scholar 

  4. Chen, W., Clarke, L., Kurose, J., Towsley, D.: Optimizing cost-sensitive trust-negotiation protocols. In: INFOCOM, pp. 1431–1442 (2005)

    Google Scholar 

  5. Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press (January 2000)

    Google Scholar 

  6. Goldsmith, J., Lang, J., Truszczynski, M., Wilson, N.: The computational complexity of dominance and consistency in CP-nets. JAIR 33, 403–432 (2008)

    MathSciNet  MATH  Google Scholar 

  7. Kärger, P., Olmedilla, D., Balke, W.-T.: Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations. In: Jonker, W., Petković, M. (eds.) SDM 2008. LNCS, vol. 5159, pp. 99–118. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  8. McMillan, K.L.: Cadence SMV (software). Release 10-11-02p1 (2002),

  9. Oster, Z.J., Santhanam, G.R., Basu, S.: Automating analysis of qualitative preferences in goal-oriented requirements engineering. In: Alexander, P., Pasareanu, C.S., Hosking, J.G. (eds.) ASE, pp. 448–451. IEEE (2011)

    Google Scholar 

  10. Pnueli, A.: The temporal logic of programs. In: FOCS, pp. 46–57. IEEE Computer Society (1977)

    Google Scholar 

  11. Santhanam, G.R., Basu, S., Honavar, V.: Dominance testing via model checking. In: AAAI, pp. 357–362. AAAI Press (2010)

    Google Scholar 

  12. Winsborough, W., Seamons, K., Jones, V.: Automated trust negotiation. In: Proceedings DARPA Information Survivability Conference and Exposition, DISCEX 2000, vol. 1, pp. 88–102. IEEE (2000)

    Google Scholar 

  13. Winsborough, W.H., Li, N.: Safety in automated trust negotiation. In: IEEE Symposium on Security and Privacy, pp. 147–160. IEEE Computer Society (2004)

    Google Scholar 

  14. Yao, D., Frikken, K.B., Atallah, M.J., Tamassia, R.: Private information: To reveal or not to reveal. ACM Trans. Inf. Syst. Secur. 12, 6:1–6:27 (2008)

    Google Scholar 

  15. Yu, T., Winslett, M., Seamons, K.E.: Interoperable strategies in automated trust negotiation. In: Reiter, M.K., Samarati, P. (eds.) ACM Conference on Computer and Communications Security, pp. 146–155. ACM (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Oster, Z.J., Santhanam, G.R., Basu, S., Honavar, V. (2013). Model Checking of Qualitative Sensitivity Preferences to Minimize Credential Disclosure. In: Păsăreanu, C.S., Salaün, G. (eds) Formal Aspects of Component Software. FACS 2012. Lecture Notes in Computer Science, vol 7684. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35860-9

  • Online ISBN: 978-3-642-35861-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics