Preventing attribute information leakage in automated trust negotiation

Irwin, Keith; Yu, Ting

doi:10.1145/1102120.1102128

Cited by 32 publications

(31 citation statements)

References 28 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They propose several more refined notions of safety for trust negotiation protocols based on the concept of indistinguishability, each of which gives users stronger guarantees regarding the amount of private information leaked during the negotiation. Irwin and Yu [11] propose another definition of safety based on the idea of information gain. Our work is orthogonal to these previous works in that we are concerned with safety problems that emerge as a result of the consistency of the underlying state information used during policy evaluation rather than those that arise due to information leakage during a negotiation.…”

Section: Related Workmentioning

confidence: 99%

Safety and consistency in policy-based authorization systems

Lee

Winslett

2006

Proceedings of the 13th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

In trust negotiation and other distributed proving systems, networked entities cooperate to form proofs that are justified by collections of certified attributes. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Though these collections of credentials in some ways resemble partial system snapshots, these systems currently lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this paper, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such, there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing, distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency which provide stronger safety guarantees. We provide algorithms that allow each of these refined notions of consistency to be attained in practice with minimal overheads.

show abstract

Section: Related Workmentioning

confidence: 99%

Safety and consistency in policy-based authorization systems

Lee

Winslett

2006

Proceedings of the 13th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Research on credential-based access control (e.g., [2], [3], [9], [11], [12], [15]) primarily focused on solutions for controlling access to resources, for specifying and enforcing policies, and for enabling negotiation strategies, which may be indifferently adopted by the client and the server. Such solutions however do not allow the client to exploit the emerging technology (e.g., SAML [1], OpenID [8], and anonymous credentials [4], [5]) for determining which credentials and/or properties release to minimize the sensitive information communicated to the server.…”

Section: Related Workmentioning

confidence: 99%

Minimizing Disclosure of Private Information in Credential-based Interactions: A Graph-based Approach

Ardagna

Vimercati

Foresti

et al. 2010

2010 IEEE Second International Conference on Social Computing

View full text Add to dashboard Cite

Abstract-We address the problem of enabling clients to regulate disclosure of their credentials and properties when interacting with servers in open scenarios. We provide a means for clients to specify the sensitivity of information in their portfolio at a fine-grain level and to determine the credentials and properties to disclose to satisfy a server request while minimizing the sensitivity of the information disclosed. Exploiting a graph modeling of the problem, we develop a heuristic approach for determining a disclosure minimizing released information, that offers execution times compatible with the requirements of interactive access to Web resources.

show abstract

“…Some of the contexts in which information leakage is currently being addressed are privacypreserving databases [6,24,27,29], automated trust negotiation [15], and error correction [9]. However, there is little work on information leakage through integrity verification and signature of data, especially trees.…”

Section: Related Workmentioning

confidence: 99%

Structural signatures for tree data structures

Kundu

Bertino

2008

Proc. VLDB Endow.

View full text Add to dashboard Cite

Data sharing with multiple parties over a third-party distribution framework requires that both data integrity and confidentiality be assured. One of the most widely used data organization structures is the tree structure. When such structures encode sensitive information (such as in XML documents), it is crucial that integrity and confidentiality be assured not only for the content, but also for the structure. Digital signature schemes are commonly used to authenticate the integrity of the data. The most widely used such technique for tree structures is the Merkle hash technique, which however is known to be "not hiding", thus leading to unauthorized leakage of information. Most techniques in the literature are based on the Merkle hash technique and thus suffer from the problem of unauthorized information leakages. Assurance of integrity and confidentiality (no leakages) of tree-structured data is an important problem in the context of secure data publishing and content distribution systems.In this paper, we propose a signature scheme for tree structures, which assures both confidentiality and integrity and is also efficient, especially in third-party distribution environments. Our integrity assurance technique, which we refer to as the "Structural signature scheme", is based on the structure of the tree as defined by tree traversals (pre-order, post-order, in-order) and is defined using a randomized notion of such traversal numbers. In addition to formally defining the technique, we prove that it protects against violations of content and structural integrity and information leakages. We also show through complexity and performance analysis that the structural signature scheme is efficient; with respect to the Merkle hash technique, it incurs comparable cost for signing the trees and incurs lower cost for user-side integrity verification.

show abstract

Preventing attribute information leakage in automated trust negotiation

Cited by 32 publications

References 28 publications

Safety and consistency in policy-based authorization systems

Safety and consistency in policy-based authorization systems

Minimizing Disclosure of Private Information in Credential-based Interactions: A Graph-based Approach

Structural signatures for tree data structures

Contact Info

Product

Resources

About