A unified scheme for resource protection in automated trust negotiation

Ting Yu, M. Winslett

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Citations (Scopus)

Abstract

Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other's access control requirements. However a policy itself may also contain sensitive information. Disclosing policies' contents unconditionally may leak valuable business information or jeopardize individuals' privacy. In this paper we propose UniPro, a unified scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as first-class resources, protecting them in the same way as other resources, providing fine-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more flexibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.

Original languageEnglish
Title of host publicationProceedings - IEEE Symposium on Security and Privacy
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages110-122
Number of pages13
Volume2003-January
ISBN (Print)0769519407
DOIs
Publication statusPublished - 2003
Externally publishedYes
Event2003 Symposium on Security and Privacy, SP 2003 - Berkeley, United States
Duration: 11 May 200314 May 2003

Other

Other2003 Symposium on Security and Privacy, SP 2003
CountryUnited States
CityBerkeley
Period11/5/0314/5/03

Fingerprint

Access control
Industry

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Cite this

Yu, T., & Winslett, M. (2003). A unified scheme for resource protection in automated trust negotiation. In Proceedings - IEEE Symposium on Security and Privacy (Vol. 2003-January, pp. 110-122). [1199331] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SECPRI.2003.1199331

A unified scheme for resource protection in automated trust negotiation. / Yu, Ting; Winslett, M.

Proceedings - IEEE Symposium on Security and Privacy. Vol. 2003-January Institute of Electrical and Electronics Engineers Inc., 2003. p. 110-122 1199331.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Yu, T & Winslett, M 2003, A unified scheme for resource protection in automated trust negotiation. in Proceedings - IEEE Symposium on Security and Privacy. vol. 2003-January, 1199331, Institute of Electrical and Electronics Engineers Inc., pp. 110-122, 2003 Symposium on Security and Privacy, SP 2003, Berkeley, United States, 11/5/03. https://doi.org/10.1109/SECPRI.2003.1199331
Yu T, Winslett M. A unified scheme for resource protection in automated trust negotiation. In Proceedings - IEEE Symposium on Security and Privacy. Vol. 2003-January. Institute of Electrical and Electronics Engineers Inc. 2003. p. 110-122. 1199331 https://doi.org/10.1109/SECPRI.2003.1199331
Yu, Ting ; Winslett, M. / A unified scheme for resource protection in automated trust negotiation. Proceedings - IEEE Symposium on Security and Privacy. Vol. 2003-January Institute of Electrical and Electronics Engineers Inc., 2003. pp. 110-122
@inproceedings{dd76bb8f3c814f47ae5e673b5576ad85,
title = "A unified scheme for resource protection in automated trust negotiation",
abstract = "Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other's access control requirements. However a policy itself may also contain sensitive information. Disclosing policies' contents unconditionally may leak valuable business information or jeopardize individuals' privacy. In this paper we propose UniPro, a unified scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as first-class resources, protecting them in the same way as other resources, providing fine-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more flexibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.",
author = "Ting Yu and M. Winslett",
year = "2003",
doi = "10.1109/SECPRI.2003.1199331",
language = "English",
isbn = "0769519407",
volume = "2003-January",
pages = "110--122",
booktitle = "Proceedings - IEEE Symposium on Security and Privacy",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - A unified scheme for resource protection in automated trust negotiation

AU - Yu, Ting

AU - Winslett, M.

PY - 2003

Y1 - 2003

N2 - Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other's access control requirements. However a policy itself may also contain sensitive information. Disclosing policies' contents unconditionally may leak valuable business information or jeopardize individuals' privacy. In this paper we propose UniPro, a unified scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as first-class resources, protecting them in the same way as other resources, providing fine-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more flexibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.

AB - Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other's access control requirements. However a policy itself may also contain sensitive information. Disclosing policies' contents unconditionally may leak valuable business information or jeopardize individuals' privacy. In this paper we propose UniPro, a unified scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as first-class resources, protecting them in the same way as other resources, providing fine-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more flexibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.

UR - http://www.scopus.com/inward/record.url?scp=84954418287&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84954418287&partnerID=8YFLogxK

U2 - 10.1109/SECPRI.2003.1199331

DO - 10.1109/SECPRI.2003.1199331

M3 - Conference contribution

SN - 0769519407

VL - 2003-January

SP - 110

EP - 122

BT - Proceedings - IEEE Symposium on Security and Privacy

PB - Institute of Electrical and Electronics Engineers Inc.

ER -