Content-Triggered Trust Negotiation


The focus of access control in client/server environments is on protecting sensitive server resources by determining whether or not a client is authorized to access those resources. The resources are usually static, and an access control policy associated with each resource specifies who is authorized to access the resource. In this project, we turn the traditional client/server access control model on its head, and address how to protect the sensitive content that clients disclose to servers. Since client content is dynamic, the usual approach of associating a policy with the resource a priori does not work. We propose an access control model for protecting dynamic client-side content that identifies sensitive dynamic client content, maps sensitive content to an access control policy, and establishes the trustworthiness of the server before disclosing sensitive content to the server. The model targets open systems, where clients and servers do not have pre-existing trust relationships. We have implemented the model within TrustBuilder, an architecture for negotiating trust between strangers based on properties other than identity. The implementation currently supports access control for sensitive content disclosed by web and email clients.
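The three steps of the model (identify sensitive content, map it to a policy, check the server before disclosure) can be sketched as follows. This is an added example, not TrustBuilder code: the detector patterns, category names, property names and sample form are all assumptions, and the server's properties are assumed to have already been verified during negotiation.

```python
import re

# Hypothetical detectors for sensitive content in an outgoing web form or email.
DETECTORS = {
    "payment_card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
# Hypothetical policies: server properties (not identity) required per category.
POLICIES = {
    "payment_card": {"pci_audited", "merchant_association_member"},
    "us_ssn": {"government_agency"},
}
# Constructed sample input; the card value is a widely used test number.
SAMPLE_FORM = {"comment": "please call after 5pm",
               "card": "4111 1111 1111 1111", "ssn": "123-45-6789"}

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    """Step 1: identify sensitive categories present in dynamic content."""
    found = set()
    for category, pattern in DETECTORS.items():
        for m in pattern.finditer(value):
            digits = re.sub(r"\D", "", m.group())
            if category != "payment_card" or luhn_ok(digits):
                found.add(category)
    return found

def required_properties(categories):
    """Step 2: map detected categories to the union of their policies."""
    return set().union(*(POLICIES[c] for c in categories))

def filter_disclosure(fields, verified_server_properties):
    """Step 3: release a field only if the server satisfies its policy."""
    released, withheld = {}, {}
    for name, value in fields.items():
        missing = required_properties(classify(value)) - verified_server_properties
        if missing:
            withheld[name] = sorted(missing)  # properties still to be proven
        else:
            released[name] = value
    return released, withheld
```

Fields with no detected sensitive content carry an empty policy and are always released; a withheld field reports which server properties are still unproven.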

T. Barlow, A. Hess, and K. E. Seamons. Trust Negotiation in Electronic Markets. Eighth Research Symposium in Emerging Electronic Markets, Maastricht, Netherlands, September 2001.

A. Hess and K. E. Seamons. An Access Control Model for Dynamic Client Content. 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003.