Sensitive Access Control Policies

Automated trust negotiation is a new approach to establishing trust between strangers through the exchange of digital credentials and the use of mobile access control policies that specify what combinations of credentials a stranger must supply in order to gain access to each local service or credential. Access control policies can also contain sensitive information that should be protected from inappropriate access by strangers during negotiation. We have developed and analyzed two automated trust negotiation strategies that support protection for access control policies. The first is the relevant credentials set strategy, which does not directly disclose access control policies and has a fast running time, but may disclose more credentials than strictly necessary. The second strategy is the all relevant policies strategy, which freely discloses all relevant access control policies that the other negotiating party has earned access to during negotiation, and offers the possibility of disclosing fewer credentials during negotiation.
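The negotiation model described above, as an added example that is not code from the project or its papers: a simplified eager-style exchange in which each party discloses only credentials, never policies, and which also shows how a credential the service never needed can end up disclosed. It is not an implementation of either strategy named above; all credential names and policies are constructed.

```python
# Each party maps a resource (credential or service) to its policy: a list of
# alternative credential sets the OTHER party must disclose first.
# An empty set means freely disclosable. All names below are constructed.
SERVER = {
    "service":       [{"student_id"}],
    "bbb_member":    [set()],
    "accreditation": [{"acm_member"}],
}
CLIENT = {
    "acm_member":  [{"bbb_member"}],
    "student_id":  [{"accreditation"}],
    "credit_card": [{"bbb_member"}],   # unlocked, but irrelevant to "service"
}
# Server variant with a circular dependency: no credential is ever unlocked.
CYCLIC_SERVER = {
    "service":       [{"student_id"}],
    "accreditation": [{"student_id"}],
}

def unlocked(policies, received, already_sent):
    """Resources whose policy is satisfied by what the other side disclosed."""
    return {r for r, alternatives in policies.items()
            if r not in already_sent
            and any(alt <= received for alt in alternatives)}

def negotiate(client, server, target="service"):
    """Alternate turns, starting with the client.

    Only credentials cross the wire; the policies stay local to their owner.
    Returns (granted, credentials_client_disclosed, credentials_server_disclosed).
    """
    policies = {"client": client, "server": server}
    sent = {"client": set(), "server": set()}
    turn, other, idle = "client", "server", 0
    while idle < 2:                      # two silent turns in a row: deadlock
        new = unlocked(policies[turn], sent[other], sent[turn])
        if turn == "server" and target in new:
            return True, sent["client"], sent["server"]
        idle = 0 if new else idle + 1
        sent[turn] |= new
        turn, other = other, turn
    return False, sent["client"], sent["server"]

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER))
    print(negotiate(CLIENT, CYCLIC_SERVER))
```

In the first run the client discloses `credit_card` even though no server policy asks for it, which is the cost of never revealing policies that would tell it which credentials matter.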

Related Publications

K. E. Seamons, M. Winslett, and T. Yu. Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation. Network and Distributed System Security Symposium, San Diego, CA, February 2001.

T. Yu, M. Winslett, and K. E. Seamons. Interoperable Strategies in Automated Trust Negotiation. 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, November 2001.

T. Yu, M. Winslett, and K. E. Seamons. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. To appear in ACM Transactions on Information and System Security, volume 6, number 1, February 2003.