Negotiating trust in the Web

Winslett, Marianne; Yu, Ting; Seamons, Kent E.; Hess, Adam; Jacobson, J.; Jarvis, Ryan; Smith, Bryan L.; Yu, Lina

doi:10.1109/mic.2002.1067734

Cited by 204 publications

(99 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Trust Builder [24] by Winslett et al and Trust-X [6] by Bertino et al are significant Automated Trust Negotiation systems. Guha et al [12] describe a set of trust propagation schemes and evaluate them on a large trust network consisting of 800K trust scores expressed among 130K people.…”

Section: Literature Reviewmentioning

confidence: 99%

Establishing Trust Beliefs Based on a Uniform Disposition to Trust

Saadi

Hasan

Pierson

et al. 2007

2007 Third International IEEE Conference on Signal-Image Technologies and Internet-Based System

View full text Add to dashboard Cite

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Establishing Trust Beliefs Based on a Uniform Disposition to Trust

Saadi

Hasan

Pierson

et al. 2007

2007 Third International IEEE Conference on Signal-Image Technologies and Internet-Based System

View full text Add to dashboard Cite

show abstract

“…In the approach of automated trust negotiation [26,27], mechanisms for mutual trust establishment were proposed, which support the protection of the contents of the client's credentials as well. Hess et al [14] proposed the Trust Negotiation in TLS (TNT) protocol to integrate trust negotiation into the SSL/TLS handshake protocol.…”

Section: Related Workmentioning

confidence: 99%

Denial of Service Attacks and Defenses in Decentralized Trust Management

2006

2006 Securecomm and Workshops

View full text Add to dashboard Cite

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client, which requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although DoS threat has been studied for some application-level protocols, e.g. authentication protocols, we show that it is especially destructive for trust management systems: exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.

show abstract

“…During the past few years, some of the most innovative ideas on security policies arose in the area of automated trust negotiation [44,8,45,7,46,47,48,49,50]. That branch of research considers peers that are able to automatically negotiate credentials according to their own declarative, rule-based policies.…”

Section: Trust Managementmentioning

confidence: 99%

“…As we pointed out, requests are formulated by selecting some rules from the policies. This basic schema has been refined along the years taking several factors into account [44,8,45,7,46,47,48,49,50].…”

Section: Negotiationsmentioning

confidence: 99%

Rule-Based Policy Representation and Reasoning for the Semantic Web

Bonatti

Olmedilla

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Summary. The Semantic Web aims at enabling sophisticated and autonomic machine to machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate an automatic access to sensitive information. Policy-based access control provides sophisticated means in order to support protecting sensitive resources and information disclosure.

show abstract

Negotiating trust in the Web

Cited by 204 publications

References 11 publications

Establishing Trust Beliefs Based on a Uniform Disposition to Trust

Establishing Trust Beliefs Based on a Uniform Disposition to Trust

Denial of Service Attacks and Defenses in Decentralized Trust Management

Rule-Based Policy Representation and Reasoning for the Semantic Web

Contact Info

Product

Resources

About