TY - GEN
T1 - Preventing attribute information leakage in automated trust negotiation
AU - Irwin, Keith
AU - Yu, Ting
PY - 2005
Y1 - 2005
N2 - Automated trust negotiation is an approach which establishes trust between strangers through the bilateral, iterative disclosure of digital credentials. Sensitive credentials are protected by access control policies which may also be communicated to the other party. Ideally, sensitive information should not be known by others unless its access control policy has been satisfied. However, due to bilateral information exchange, information may flow to others in a variety of forms, many of which cannot be protected by access control policies alone. In particular, sensitive information may be inferred by observing negotiation participants' behavior even when access control policies are strictly enforced. In this paper, we propose a general framework for the safety of trust negotiation systems. Compared to the existing safety model, our framework focuses on the actual information gain during trust negotiation instead of the exchanged messages. Thus, it directly reflects the essence of safety in sensitive information protection. Based on the proposed framework, we develop policy databases as a mechanism to help prevent unauthorized information inferences during trust negotiation. We show that policy databases achieve the same protection of sensitive information as existing solutions without imposing additional complications to the interaction between negotiation participants or restricting users' autonomy in defining their own policies.
KW - Attribute-based access control
KW - Privacy
KW - Trust negotiation
UR - http://www.scopus.com/inward/record.url?scp=33745772562&partnerID=8YFLogxK
U2 - 10.1145/1102120.1102128
DO - 10.1145/1102120.1102128
M3 - Conference contribution
AN - SCOPUS:33745772562
SN - 1595932267
SN - 9781595932266
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 36
EP - 45
BT - CCS 2005 - Proceedings of the 12th ACM Conference on Computer and Communications Security
T2 - CCS 2005 - 12th ACM Conference on Computer and Communications Security
Y2 - 7 November 2005 through 11 November 2005
ER -