Safety in automated trust negotiation

Get BibTex-formatted data

Author

William H. Winsborough, Ninghui Li

Entry type

article

Abstract

Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called â€œsafeâ€ in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as â€œwhat needs to be protected in ATN?â€ and â€œwhat are the security requirements?â€ are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.

Date

2006 – 08

Journal

ACM Transactions on Information and System Security (TISSEC)

Key alpha

Number

Pages

352-390

Publisher

ACM

Volume

Publication Date

2006-08-00

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Li,
	title = "Safety in automated trust negotiation",
	author = "William H. Winsborough, Ninghui Li",
	year = "2006",
	month = "08",
	journal = "ACM Transactions on Information and System Security (TISSEC)",
	number = "3",
	pages = "352-390",
	publisher = "ACM",
	volume = "9",
	abstract = "Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called â€œsafeâ€ in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as â€œwhat needs to be protected in ATN?â€ and â€œwhat are the security requirements?â€ are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.",
}