DocumentCode :
3452464
Title :
A unified scheme for resource protection in automated trust negotiation
Author :
Yu, Ting ; Winslett, Marianne
Author_Institution :
Dept. of Comput. Sci., Illinois Univ., Urbana, IL, USA
fYear :
2003
fDate :
11-14 May 2003
Firstpage :
110
Lastpage :
122
Abstract :
Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other´s access control requirements. However a policy itself may also contain sensitive information. Disclosing policies´ contents unconditionally may leak valuable business information or jeopardize individuals´ privacy. In this paper we propose UniPro, a unified scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as first-class resources, protecting them in the same way as other resources, providing fine-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more flexibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.
Keywords :
authorisation; computer network management; UniPro; access control policies; authorization; automated trust negotiation; computer network management; digital credentials; fine-grained control; first-class resources; iterative disclosure; policy disclosure; policy satisfaction; resource protection; unified scheme; Access control; Authorization; Computer science; Computer security; Information security; Iterative methods; Open systems; Protection; Resource management; Web and internet services;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy, 2003. Proceedings. 2003 Symposium on
ISSN :
1081-6011
Print_ISBN :
0-7695-1940-7
Type :
conf
DOI :
10.1109/SECPRI.2003.1199331
Filename :
1199331
Link To Document :
بازگشت