Automated trust negotiation using cryptographic credentials

ACM Transactions on Information and System Security

Volumn 13, Issue 1, 2009, Pages

  Li, Jiangtao ^a   Li, Ninghui ^b   Winsborough, William H ^c  

^a INTEL CORPORATION   (United States)

^b Purdue University   (United States)

^c University of Texas at San Antonio   (United States)

Author keywords

Access control; Automated trust negotiation; Digital credentials; Privacy

Indexed keywords

ACCESS CONTROL DECISIONS; ACCESS CONTROL POLICIES; ATTRIBUTE INFORMATION; ATTRIBUTE VALUES; CYCLIC DEPENDENCIES; DIGITAL CREDENTIALS; POLICY CONTROL; POLICY LANGUAGE; TRUST NEGOTIATIONS;

AUTOMATION; CRYPTOGRAPHY; LINGUISTICS; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 72449173381     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1609956.1609958     Document Type: Conference Paper

References (50)

1. BAGGA, W. ANDMOLVA, R. 2005. Policy-based cryptography and applications. In Proceedings of the 9th International Conference on Financial Cryptography and Data Security. Springer, Berlin.
2. BALFANZ, D., DURFEE, G., SHANKAR, N., SMETTERS, D., STADDON, J., AND WONG, H.-C. 2003. Secret handshakes from pairing-based key agreements. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 180-196.
3. BLAZE, M., FEIGENBAUM, J., IOANNIDIS, J., AND KEROMYTIS, A. D. 1999. The KeyNote Trust- Management System, version 2. IETF RFC 2704. http://www.cis. upenn.edu/?excl;angelos/Papers/rfc2704.txt.
4. BLAZE, M., FEIGENBAUM, J., AND LACY, J. 1996. Decentralized trust management. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 164-173.
5. BOEYEN, S., HOWES, T., AND RICHARD, P. 1999. Internet X.509 Public Key Infrastructure LDAPc2 Schema. IETF RFC 2587.
6. BONATTI, P. AND SAMARATI, P. 2000. Regulating service access and information release on theWeb. In Proceedings of the 7th ACMConference on Computer and Communications Security. ACM,New York, 134-143.
7. BOUDOT, F. 2000. Efficient proofs that a committed number lies in an interval. In Advances in Cryptology (EUROCRYPT'00). Springer, Berlin, 431-444.
8. BRADSHAW, R., HOLT, J., AND SEAMONS, K. 2004. Concealing complex policies with hidden credentials. In Proceedings of 11th ACM Conference on Computer and Communications Security. ACM, New York, 146-157.
9. BRANDS, S. A. 2000. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge, MA.
10. CAMENISCH, J. AND HERREWEGHEN, E. V. 2002. Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM, New York, 21-30.
11. CAMENISCH, J. AND LYSYANSKAYA, A. 2001. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Advances in Cryptology (EUROCRYPT'01). Springer, Berlin, 93-118.
12. CASTELLUCCIA, C., JARECKI, S., AND TSUDIK, G. 2004. Secret handshakes from CA-oblivious encryption. In Advances in Cryptology (ASIACRYPT'04). Springer, Berlin, 293-307.
13. CHAUM, D. 1985. Security without identification: Transaction systems to make big brother obsolete. Comm. ACM 28, 10, 1030-1044.
14. CLARKE, D., ELIEN, J.-E., ELLISON, C., FREDETTE, M., MORCOS, A., AND RIVEST, R. L. 2001. Certificate chain discovery in SPKI/SDSI. J. Comput. Secur. 9, 4, 285-322.
15. CRAMER, R. AND DAMGARD, I. 1998. Zero-knowledge proof for finite field arithmetic, or: Can zeroknowledge be for free? In Advances in Cryptology (CRYPTO'98). Springer, Berlin, 424-441.
16. CRAMER, R., FRANKLIN, M. K., SCHOENMAKERS, B., AND YUNG, M. 1996. Multi-authority secret-ballot elections with linear work. In Advances in Cryptology (EUROCRYPT'96). Springer, Berlin, 72-83.
17. DAMGARD, I. AND FUJISAKI, E. 2002. An integer commitment scheme based on groups with hidden order. In Advances in Cryptology (ASIACRYPT'02). Springer, Berlin, 125-142.
18. DETREVILLE, J. 2002. Binder, a logic-based security language. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 105-113.
19. DODIS, Y.,KIAYIAS, A.,NICOLOSI, A., AND SHOUP, V. 2004. Anonymous identification in ad hoc groups. In Advances in Cryptology (EUROCRYPT'04). Springer, Berlin, 609-626.
20. DURFEE, G. AND FRANKLIN, M. 2000. Distribution chain security. In Proceedings of the 7th ACM Conference on Computer and Communications Security. ACM, New York, 63-70.
21. ELLISON, C., FRANTZ, B., LAMPSON, B., RIVEST, R., THOMAS, B., AND YLONEN, T. 1999. SPKI certificate theory. IETF RFC 2693.
22. FRIKKEN, K. B., ATALLAH, M. J., AND LI, J. 2004. Hidden access control policies with hidden credentials. In Proceedings of the 3rd ACM Workshop on Privacy in the Electronic Society. ACM, New York.
23. FRIKKEN, K. B., LI, J., AND ATALLAH, M. J. 2006. Trust negotiation with hidden credentials, hidden policies, and policy cycles. In Proceedings of 13th Network and Distributed System Security Symposium. ISOC, Reston, VA, 157-172.
24. GUNTER, C. A. AND JIM, T. 2000. Policy-directed certificate retrieval. Softw. Pract. Exp. 30, 15, 1609-1640.
25. HESS, A., JACOBSON, J., MILLS, H., WAMSLEY, R., SEAMONS, K. E., AND SMITH, B. 2002. Advanced client/server authentication in TLS. In Proceedings of the Network and Distributed System Security Symposium. ISOC, Reston, VA, 203-214.
26. HOLT, J. E., BRADSHAW, R.W., SEAMONS, K. E., AND ORMAN, H. 2003. Hidden credentials. In Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society. ACM, New York, 1-8.
27. HOUSLEY, R., FORD, W., POLK, T., AND SOLO, D. 1999. Internet X.509 public key infrastructure certificate and CRL profile. IETF RFC 2459.
28. IRWIN, K. AND YU, T. 2005. Preventing attribute information leakage in automated trust negotiation. In Proceedings of the 12th ACM conference on Computer and Communications Security. ACM, New York, 36-45.
29. JIM, T. 2001. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 106-115.
30. LI, J. AND LI, N. 2005a. OACerts: Oblivious attribute certificates. In Proceedings of the 3rd Conference on Applied Cryptography and Network Security. Springer, Berlin, 301-317.
31. LI, J. AND LI, N. 2005b. Policy-hiding access control in open environment. In Proceedings of the 24nd ACM Symposium on Principles of Distributed Computing. ACM, New York, 29-38.
32. LI, N., DU, W., AND BONEH, D. 2003. Oblivious signature-based envelope. In Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing. ACM, New York, 182-189.
33. LI, N., GROSOF, B. N., AND FEIGENBAUM, J. 2003. Delegation Logic: A logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur. 6, 1, 128-171.
34. LI, N. AND MITCHELL, J. C. 2003. Datalog with constraints: A foundation for trust management languages. In Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages. Springer, Berlin, 58-73.
35. LI, N., MITCHELL, J. C., AND WINSBOROUGH, W. H. 2002. Design of a role-based trust management framework. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 114-130.
36. LI, N., WINSBOROUGH, W. H., AND MITCHELL, J. C. 2003. Distributed credential chain discovery in trust management. J. Comput. Secur. 11, 1, 35-86.
37. LYSYANSKAYA, A., RIVEST, R. L., SAHAI, A., AND WOLF, S. 1999. Pseudonym systems. In Proceedings of the 6th Workshop on Selected Areas in Cryptography. Springer, Berlin, 184-199.
38. PEDERSEN, T. P. 1991. Non-interactive and information-theoretic secure verifiable secret sharing. In Advances in Cryptology (CRYPTO'91). Springer, Berlin, 129-140.
39. RIVEST, R. L. AND LAMPSON, B. 1996. SDSI: A Simple Distributed Security Infrastructure. http://groups.csail.mit.edu/cis/sdsi.html.
40. SEAMONS, K. E., WINSLETT, M., AND YU, T. 2001. Limiting the disclosure of access control policies during automated trust negotiation. In Proceedings of the Symposium on Network and Distributed System Security. ISOC, Reston, VA.
41. SEAMONS, K. E., WINSLETT, M., YU, T., YU, L., AND JARVIS, R. 2002. Protecting privacy during online trust negotiation. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag, Berlin.
42. SMART, N. 2003. Access control using pairing based cryptography. In Proceedings of the Cryptographers' Track at the RSA Conference. Springer-Verlag, Berlin, 111-121.
43. WINSBOROUGH, W. H. AND LI, N. 2002a. Protecting sensitive attributes in automated trust negotiation. In Proceedings of the ACMWorkshop on Privacy in the Electronic Society. ACM, New York, 41-51.
44. WINSBOROUGH, W. H. AND LI, N. 2002b. Towards practical automated trust negotiation. In Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks. IEEE, Los Alamitos, CA, 92-103.
45. WINSBOROUGH, W. H. AND LI, N. 2004. Safety in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 147-160.
46. WINSBOROUGH,W. H., SEAMONS, K. E., AND JONES, V. E. 2000. Automated trust negotiation. In Proceedings of theDARPAInformation Survivability Conference and Exposition. IEEE, Los Alamitos, CA, 88-102.
47. WINSLETT, M., YU, T., SEAMONS, K. E., HESS, A., JACOBSON, J., JARVIS, R., SMITH, B., AND YU, L. 2002. Negotiating trust on the Web. IEEE Internet Comput. 6, 6, 30-37.
48. YU, T. AND WINSLETT, M. 2003a. Policy migration for sensitive credentials in trust negotiation. In Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM, New York, 9-20.
49. YU, T. AND WINSLETT, M. 2003b. Unified scheme for resource protection in automated trust negotiation. In Proceedings of IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 110-122.
50. YU, T., WINSLETT, M., AND SEAMONS, K. E. 2003. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans. Inf. Syst. Secur. 6, 1, 1-42.