Policy Migration for Sensitive Credentials in Trust Negotiation

Ting Yu, Marianne Winslett

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

33 Citations (Scopus)

Abstract

Trust negotiation is an approach to establishing trust between strangers through the bilateral, iterative disclosure of digital credentials. Under automated trust negotiation, access control policies are associated with sensitive credentials to control under what circumstances those credentials can be disclosed. Ideally, the information in a user's sensitive credential should not be known by others unless the corresponding policy is satisfied. However, the original model for user interaction in trust negotiation has pitfalls which can be easily exploited to infer one's private information, even if access control policies are strictly enforced. To preserve one's privacy, a more flexible interaction model for trust negotiation is required. On the other hand, it is also desirable for two parties to be able to establish trust whenever possible. There is potentially a conflict between privacy preservation and the assurance of a successful trust negotiation. In this paper, we identify the situation where sensitive information can be inferred through observing one's behavior in trust negotiation. Then we propose policy migration as one approach to preventing such inference. Compared to previously proposed approaches, policy migration has a low management overhead, and provides a nice balance between inference prevention and guarantees of success in trust establishment. We also discuss the limitations of policy migration, and possible directions for more comprehensive solutions.

Original language: English
Title of host publication: Proceedings of the ACM Workshop on Privacy in the Electronic Society
Editors: P. Samarati, P. Syverson, P. Samarati, P. Syverson
Pages: 9-20
Number of pages: 12
Publication status: Published - 1 Dec 2003
Externally published: Yes
Event: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, WPES 2003 - Washington, DC, United States
Duration: 30 Oct 2003 - 30 Oct 2003

Other

Other: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, WPES 2003
Country: United States
City: Washington, DC
Period: 30/10/03 - 30/10/03

Fingerprint

Access control

Keywords

  • Policy migration
  • Trust negotiation

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications

Cite this

Yu, T., & Winslett, M. (2003). Policy Migration for Sensitive Credentials in Trust Negotiation. In P. Samarati, P. Syverson, P. Samarati, & P. Syverson (Eds.), Proceedings of the ACM Workshop on Privacy in the Electronic Society (pp. 9-20)

@inproceedings{906aad089c28442ea3e3f2b195550679,
  title = "Policy Migration for Sensitive Credentials in Trust Negotiation",
  abstract = "Trust negotiation is an approach to establishing trust between strangers through the bilateral, iterative disclosure of digital credentials. Under automated trust negotiation, access control policies are associated with sensitive credentials to control under what circumstances those credentials can be disclosed. Ideally, the information in a user's sensitive credential should not be known by others unless the corresponding policy is satisfied. However, the original model for user interaction in trust negotiation has pitfalls which can be easily exploited to infer one's private information, even if access control policies are strictly enforced. To preserve one's privacy, a more flexible interaction model for trust negotiation is required. On the other hand, it is also desirable for two parties to be able to establish trust whenever possible. There is potentially a conflict between privacy preservation and the assurance of a successful trust negotiation. In this paper, we identify the situation where sensitive information can be inferred through observing one's behavior in trust negotiation. Then we propose policy migration as one approach to preventing such inference. Compared to previously proposed approaches, policy migration has a low management overhead, and provides a nice balance between inference prevention and guarantees of success in trust establishment. We also discuss the limitations of policy migration, and possible directions for more comprehensive solutions.",
  keywords = "Policy migration, Trust negotiation",
  author = "Ting Yu and Marianne Winslett",
  year = "2003",
  month = "12",
  day = "1",
  language = "English",
  isbn = "1581137761",
  pages = "9--20",
  editor = "P. Samarati and P. Syverson and P. Samarati and P. Syverson",
  booktitle = "Proceedings of the ACM Workshop on Privacy in the Electronic Society",
}

TY - GEN

T1 - Policy Migration for Sensitive Credentials in Trust Negotiation

AU - Yu, Ting

AU - Winslett, Marianne

PY - 2003/12/1

Y1 - 2003/12/1

N2 - Trust negotiation is an approach to establishing trust between strangers through the bilateral, iterative disclosure of digital credentials. Under automated trust negotiation, access control policies are associated with sensitive credentials to control under what circumstances those credentials can be disclosed. Ideally, the information in a user's sensitive credential should not be known by others unless the corresponding policy is satisfied. However, the original model for user interaction in trust negotiation has pitfalls which can be easily exploited to infer one's private information, even if access control policies are strictly enforced. To preserve one's privacy, a more flexible interaction model for trust negotiation is required. On the other hand, it is also desirable for two parties to be able to establish trust whenever possible. There is potentially a conflict between privacy preservation and the assurance of a successful trust negotiation. In this paper, we identify the situation where sensitive information can be inferred through observing one's behavior in trust negotiation. Then we propose policy migration as one approach to preventing such inference. Compared to previously proposed approaches, policy migration has a low management overhead, and provides a nice balance between inference prevention and guarantees of success in trust establishment. We also discuss the limitations of policy migration, and possible directions for more comprehensive solutions.

AB - Trust negotiation is an approach to establishing trust between strangers through the bilateral, iterative disclosure of digital credentials. Under automated trust negotiation, access control policies are associated with sensitive credentials to control under what circumstances those credentials can be disclosed. Ideally, the information in a user's sensitive credential should not be known by others unless the corresponding policy is satisfied. However, the original model for user interaction in trust negotiation has pitfalls which can be easily exploited to infer one's private information, even if access control policies are strictly enforced. To preserve one's privacy, a more flexible interaction model for trust negotiation is required. On the other hand, it is also desirable for two parties to be able to establish trust whenever possible. There is potentially a conflict between privacy preservation and the assurance of a successful trust negotiation. In this paper, we identify the situation where sensitive information can be inferred through observing one's behavior in trust negotiation. Then we propose policy migration as one approach to preventing such inference. Compared to previously proposed approaches, policy migration has a low management overhead, and provides a nice balance between inference prevention and guarantees of success in trust establishment. We also discuss the limitations of policy migration, and possible directions for more comprehensive solutions.

KW - Policy migration

KW - Trust negotiation

UR - http://www.scopus.com/inward/record.url?scp=1642275617&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=1642275617&partnerID=8YFLogxK

M3 - Conference contribution

SN - 1581137761

SN - 9781581137767

SP - 9

EP - 20

BT - Proceedings of the ACM Workshop on Privacy in the Electronic Society

A2 - Samarati, P.

A2 - Syverson, P.

A2 - Samarati, P.

A2 - Syverson, P.

ER -