1 / 27

Automatic Trust Negotiation

Automatic Trust Negotiation. Rajesh Gangam http://people.cs.vt.edu/~gangamra/index.html. Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech. Quick Facts of Logic /Deductive Language. Predicates: p and q True, False Is p OR q  ⇔ NOT( (NOT p) AND (NOT q)) ? Yes!

hieu
Download Presentation

Automatic Trust Negotiation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automatic Trust Negotiation Rajesh Gangam http://people.cs.vt.edu/~gangamra/index.html Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

  2. Quick Facts of Logic /Deductive Language. • Predicates: p and q • True, False • Is p OR q ⇔ NOT( (NOT p) AND (NOT q)) ? • Yes! • With “logical NOT” and “logical AND” You can make any logic statement. • Positive Rules or Horn clause. • No NOT Statement • Only “Logical AND” Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

  3. Demo of PROTUNE • http://policy.l3s.uni-hannover.de:9080/policyFramework/protune/demo.html

  4. No Registration Needed: How to use Declarative Policies an Negotiation to access Sensitive Resources on the Semantic Web. Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent E. Seamons Marianne Winslett

  5. Overview • Problem • Solution • Trust Negotiation • Guarded Distributed Logic Programs • “PeerTrust” execution environment. • Application Scenario.

  6. Problems In Web • Resource Access • Registration, Login/Password • No Automation • Trust based on Shared Information of Service • One Way of Trust. • Two Way Trust / Conditional Disclosure. • Multiple Levels of Trust. • Validity of Information, No Standards.

  7. Proposal/Solution: • Policy based access control. • Automated Trust negotiation. User User Trust Trust Semantic Web

  8. Trust Negotiation • Digital Credentials. • Credential Issuer • X.509 certificates • Anonymous credentials/ Zero Knowledge • Simplest Form. • Signed XML statements.

  9. Trust Negotiation Vs Traditional Trust • Mutual Trust with Digital credentials. • Resources protected by ACL • Includes Services, Roles, Credentials. Policies, Capabilities. • Equivalent Peer to Peer Trust.

  10. Goal • Resource “R” and Credentials “C”. • R  C1AND C2….ANDCk

  11. PeerTrust Guarded Distributed Logic Program • PeerTrust Logic Program • Distributed Logic Program • Guarded Logic Program

  12. PeerTrust Logic Program • Its Horn’s Clause. • No Negative Rules.

  13. Distributed Logic Program • References to Other Peers. • Issuer argument • Delegation of the Rule Evaluation to the Peer/Third Party. ( Like RPC – Remote Procedure Call) • Nested References ( Like Nested RPC). • Attached to Evaluation part of String. • Requester argument • Nested References. • Attached to Result Part of String.

  14. Distributed Logic Program • Local Rules • ACL rules • Party specific rules • Cached rules  (Needs Signed Rules) • Signed Rules • Rules can be signed. • Reference Rules Should/Must be signed.

  15. Guarded Logic • Guards • Precedence Order of Rules • In Parallel Logic Programming Systems. • Public and Private Predicates • Object Oriented Rules.

  16. Execution Environment • Dynamic Policy for each resource. • Act on Meta-Data • Security Infrastructure.

  17. Conclusion • The problem of explicit registration is solved. • Guarded Distributed Logic Programs is Developed.

  18. A Flexible Policy-Driven Trust Negotiation Model . De Coi, J. L. and Olmedilla, D.

  19. Overview • Problem • Negotiation Requirements • Negotiation Model • Conclusion

  20. Problem • Numerous Trust Negotiation Software • Dissimilar Features • Dissimilar scenarios • Need for a Generic Model.

  21. Negotiation Requirements

  22. Negotiation Model • Policy • Set of Rules • No Negation applied to any predicate • Negotiation Message • Policy • Notifications • Negotiation History • To provide an explanation.

  23. Negotiation Model • Negotiation State Machine • To identify the next steps. • Bilateral Negotiation • No Empty Negotiations. Empty = No New Info. • Monotonic : Any Other Rules added will not change from False to True..

  24. Conclusion • Summarized the Main features any Trust Negotiation Software Should follow.

  25. Discussion • Semi Automatic Negotiations? • Users Will Have Better Control • But It will be visible to user and How easy would be the Usability? • No Usability Tests done? • What could be the possible Usability tests?

  26. THANK YOU

More Related