Supporting privacy preferences in credential-based interactions

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2010, Pages 83-92

  Ardagna, Claudio A ^a   De Capitani Di Vimercati, Sabrina ^a   Foresti, Sara ^a   Paraboschi, Stefano ^b   Samarati, Pierangela ^a  

^a UNIVERSITY OF MILAN   (Italy)

^b UNIVERSITY OF BERGAMO   (Italy)

Author keywords

credentials; portfolio management; privacy; user preferences

Indexed keywords

ACCESS POLICIES; CREDENTIAL-BASED; CREDENTIALS; DIGITAL PORTFOLIOS; DIGITAL RESOURCES; ELECTRONIC INTERACTIONS; GENERIC MODELING; INFORMATION DISCLOSURE; MAX-SAT PROBLEMS; PORTFOLIO MANAGEMENTS; PRIVACY; SAT SOLVERS; USER PREFERENCES;

FINANCIAL DATA PROCESSING; INVESTMENTS; PROBLEM SOLVING; SERVERS;

DECISION THEORY;

EID: 78650214790     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1866919.1866931     Document Type: Conference Paper

References (19)

1. A. Anderson and H. Lockhart. SAML 2.0 profile of XACML. OASIS, September 2004.
2. C.A. Ardagna, S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, and P. Samarati. Minimizing disclosure of private information in credential-based interactions: A graph-based approach. In Proc. of the 2nd IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT 2010), Minneapolis, MN, USA, August 2010.
3. C.A. Ardagna, S. De Capitani di Vimercati, S. Paraboschi, E. Pedrini, P. Samarati, and M. Verdicchio. Expressive and deployable access control in open Web service applications. IEEE Transactions on Service Computing (TSC), 2010. (to appear).
4. D. Bauer, D. Blough, and D. Cash. Minimal information disclosure with efficiently verifiable credentials. In Proc. of the 4th ACM Workshop on Digital Identity Management (DIM 2008), Alexandria, Virginia, USA, October 2008.
5. P. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the Web. Journal of Computer Security (JCS), 10(3):241-272, 2002.
6. S. Brands. Rethinking public key infrastructure and digital certificates - building in privacy. MIT Press, 2000.
7. J. Camenisch and A. Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Proc. of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT 2001), Innsbruck, Austria, May 2001.
8. W. Chen, L. Clarke, J. Kurose, and D. Towsley. Optimizing cost-sensitive trust-negotiation protocols. In Proc. of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2005), Miami, FL, USA, March 2005.
9. D. Hardt, J. Bufu, and J. Hoyt. OpenID attribute exchange 1.0, 2007. http://openid.net/developers/specs/.
10. F. Heras, J. Larrosa, and A. Oliveras. MiniMaxSAT: a new weighted Max-SAT solver. In Proc. of the 10th International Conference on Theory and Applications of Satisfiability Testing (SAT 2007), Lisbon, Portugal, May 2007.
11. K. Irwin and T. Yu. Preventing attribute information leakage in automated trust negotiation. In Proc. of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 2005.
12. P. Kärger, D. Olmedilla, and W.-T. Balke. Exploiting preferences for minimal credential disclosure in policy-driven trust negotiations. In Proc. of the 5th VLDB Workshop on Secure Data Management (SDM 2008), Auckland, New Zealand, August 2008.
13. A. Lee and M. Winslett. Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In Proc. of the 2008 ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2008), March.
14. A. Lee, M. Winslett, J. Basney, and V. Welch. The Traust authorization service. ACM Transactions on Information and System Security (TISSEC), 11(1):1-33, February 2008.
15. F. Paci, D. Bauer, E. Bertino, D. Blough, A. Squicciarini, and A. Gupta. Minimal credential disclosure in trust negotiations. Identity in the Information Society, 2(3):221-239, December 2009.
16. T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. Seamons. Adaptive trust negotiation and access control. In Proc. of the 10th Symposium on Access control Models and Technologies (SACMAT 2005), Stockholm, Sweden, June 2005.
17. B. Smith, K. Seamons, and M. Jones. Responding to policies at runtime in trustbuilder. In Proc. of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, NY, USA, June 2004.
18. D. Yao, K. Frikken, M. Atallah, and R. Tamassia. Private information: To reveal or not to reveal. ACM Transactions on Information and System Security (TISSEC), 12(1):1-27, October 2008.
19. T. Yu, M. Winslett, and K. Seamons. Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security (TISSEC), 6(1):1-42, February 2003.