ABSTRACT
In recent years, trust negotiation (TN) has been proposed as a novel access control solution for use in open system environments in which resources are shared across organizational boundaries. Researchers have shown that TN is indeed a viable solution for these environments by developing a number of policy languages and strategies for TN which have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype TN systems, thereby illustrating the utility of TN. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process which can hinder the adoption of this promising technology.

In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype TN systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use TN to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of TN technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack.
Index Terms
- Traust: a trust negotiation-based authorization service for open systems