PP-trust-X: A system for privacy preserving trust negotiations

ACM Transactions on Information and System Security

Volumn 10, Issue 3, 2007, Pages

  Squicciarini, A ^a,e   Bertino, E ^a,e   Ferrari, Elena ^b   Paci, F ^c   Thuraisingham, B ^d,f  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF INSUBRIA   (Italy)

^c UNIVERSITY OF MILAN   (Italy)

^d UNIVERSITY OF TEXAS AT DALLAS   (United States)

^e Purdue University   (United States)

^f The University of Texas at Dallas   (United States)

Author keywords

Access control; Attribute based access control; Automated trust negotiation; Credentials; Privacy; Strategy

Indexed keywords

ATTRIBUTE-BASED ACCESS CONTROL; AUTOMATED TRUST NEGOTIATION; CREDENTIALS; STRATEGY;

ACCESS CONTROL; COMPUTATIONAL EFFICIENCY; DATA PRIVACY; INNOVATION; PROBLEM SOLVING; STANDARDS;

INFORMATION SYSTEMS;

EID: 34547505017     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1266977.1266981     Document Type: Article

References (33)

1. AGRAWAL, R., KIERNAN, J., SRIKANT, R., AND XU, Y. 2003. Implementing P3P using database technology. 19th International Conference on Data Engineering. Bangalore, India.
2. BERTINO, E., FERRARI, E., AND SQUICCIARINI, A. 2003. X-TNL-an XML based language for trust negotiations. Fourth IEEE International Workshop on Policies for Distributed Systems and Networks. Como, Italy.
3. BERTINO, E., FERRARI, E., AND SQUICCIARINI, A. 2004a. Privacy preserving trust negotiations. 4th International Workshop on Privacy Enhancing Technologies. Toronto, Canada.
4. BERTINO, E., FERRARI, E., AND SQUICCIARINI, A. 2004b. Trust-X - a Peer to Peer Framework for Trust Establishment. IEEE Trans. Knowl. Data Eng. 16, 7, 827-842.
5. BONATTI, P. AND SAMARATI, P. 2000. Regulating access services and information release on the Web. 7th ACM Conference on Computer and Communications Security. Athens, Greece.
6. BRADSHAW, R., HOLT, J. E., AND SEAMONS, K. E. 2004. Concealing complex policies with hidden credentials. In CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM Press, New York. 146-157.
7. BRANDS, S. 2000. Rethinking Public Key Infrastructure and Digital Credentials. MIT Press, Cambridge, MA.
8. CAMENISCH, J. AND HERREWEGHEN, E. V. 2002. Design and implementation of the idemix anonymous credential system. In CCS '02: Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM Press, New York. 21-30.
9. CHAUM, D. 1985. Security without identification: transaction systems to make big brother obsolete. Commununications of ACM 28, 10, 1030-1044.
10. CLARK, J. 1999. XSL transformations (XSLT). version 1.0 W3C recommendation. Available at: http://www.w3.org/TR/xslt.
11. CRANOR, L., LANGHERINRIGH, M., AND MARCHIORI, M. 2002. A P3P preference exchange language 1.0 (APPEL1.0). W3C Working Draft.
12. CRANOR, L., LANGHERINRIGH, M., MARCHIORI, M., PRESLER-MARSALL, M., AND REAGLE, J. 2003. P3P-the platform for privacy preferences, version 1.1. Available at: http://www.w3.org/P3P/1.1/.
13. HERZBERG, A. AND J. MIHAELI, E. A. 2000. Access control meets public key infrastructure, or: Assigning Roles to Strangers. IEEE Symposium on Security and Privacy. Oakland, CA.
14. HOUSLEY, R., POLK, W., FORD, W., AND SO, D. 2002. Internet X.509 public key infrastructure certificate and certificate revocation List (crl) profile. RFC 3280.
15. IBM. IBM Tivoli privacy wizard. Available at: www.tivoli.resource-center/ maximize/privacy/wizard.code.html.
16. JARVIS, R. 2003. Selective disclosure of credential content during trust negotiation. Master of Science Thesis, Brigham Young University, Provo, UT.
17. JRC. 2002. JRC P3Presource centre. Available at: http://p3p.jrc.it.
18. LEE, A. J., WINSLETT, M., BASNEY, J., AND WELCH, V. 2006. Traust: A trust negotiation-based authorization service for open systems. In SACMAT '06: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies. ACM Press, New York. 39-48.
19. LI, N., DU, W., AND BONEH, D. 2003. Oblivious signature-based envelope.
20. MICROSOFT. 2004. Infocard project. Available at http://msdn.microsoft.com/winf x/ref erence/infocard/default.aspx.
21. NAOR, M. 1990. Bit commitment using pseudorandomness. Advances in Cryptology- 89. Lecture Notes in Computer Science, vol. 435, New York.
22. PERSIANO, P. AND VISCONTI, I. 2000. User privacy issues regarding certificates and the TLS protocol. Proceedings of the ACM Conference on Computer and Communication Security, Athens, Greece.
23. SEAMONS, K. E., WINSLETT, M., AND YU, T. 2001. Limiting the disclosure of Access Control Policies during automated trust negotiation. Network and Distributed System Security Simposium. San Diego, CA.
24. SEAMONS, K. E., WINSLETT, M., AND YU, T. 2002. Protecting privacy during on line trust negotiation. 2nd Workshop on Privacy Enhancing Technologies. San Francisco, CA.
25. WESTIN, A. F. 1967. Privacy and freedom. Atheneum, New York.
26. WINSBOROUGH, W. AND LI, N. 2002a. Towards practical automated trust negotiation. IEEE 3rd Intl. Workshop on Policies for Distributed Systems and Networks. Monterey, CA.
27. WINSBOROUGH, W H. AND LI, N. 2002b. Protecting sensitive attributes in automated trust negotiation. ACM Workshop on Privacy in the Electronic Society.
28. WINSBOROUGH, W. H., SEAMONS, K. E., AND JONES, V. 2000. Automated trust negotiation. DAAPA Information Survivability Conference and Exposition, Vol. I, 88-102.
29. WINSLETT, M., YU, T., SEAMONS, K. E., HESS, A., JARVIS, J., SMITH, B., AND YU, L. 2002. Negotiating trust on the Web. IEEE Internet Computing, 6, 6, 30-37.
30. WORLD WIDE WEB CONSORTIUM. References for P3P implementation. Available at: http://www.w3org/P3P/implementations.
31. WORLD WIDE WEB CONSORTIUM. Uniform resource identifiers, naming and addressing: URIs, URLs, ... Available at http://www.w3.org/addressing.
32. YU, T. AND WINSLETT, M. 2003. A unified scheme for resource protection in automated trust negotiation. IEEE Symposium on Security and Privacy, 110. Oakland, CA.
33. YU, T., WINSLETT, M., AND SEAMONS, K. E. 2003. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security 6, 1 (Feb.).