Abstract
In recent years, trust negotiation has been proposed as a novel authorization solution for use in open-system environments, in which resources are shared across organizational boundaries. Researchers have shown that trust negotiation is indeed a viable solution for these environments by developing a number of policy languages and strategies for trust negotiation that have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype trust negotiation systems, thereby illustrating the utility of trust negotiation. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process that can hinder the adoption of this promising technology.
In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype trust negotiation systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use trust negotiation to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of trust negotiation technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack.
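The following Python sketch is an added illustration of the brokering pattern the abstract describes; it is not code from the Traust paper or its implementation. It assumes a constructed set of resource policies, constructed trusted issuers, and HMAC shared keys standing in for the X.509/PKI signatures a real deployment would verify; the negotiation is collapsed to a single round in which the client presents all its credentials at once. The point it shows is the division of labour: the broker is the only party that must understand credentials and policies, and the legacy-side gateway only needs to verify a short-lived token bound to a subject and a resource.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed sample policies: each resource requires a set of attributes.
POLICIES = {
    "gridftp://data.example.org/genomics": {"role:researcher", "member:consortium-A"},
    "ssh://login.example.org": {"role:admin"},
}

# Constructed: credential issuers the broker trusts, with the symmetric key it
# shares with each (a stand-in for checking an issuer's X.509 signature).
TRUSTED_ISSUERS = {
    "issuer:univ-A": b"univ-A-secret",
    "issuer:consortium-A": b"consortium-A-secret",
}

BROKER_KEY = b"broker-secret"  # shared only between the broker and the gateways it serves
TOKEN_TTL = 300                # token lifetime in seconds (assumed value)


def _mac(key, *parts):
    """HMAC-SHA256 over '|'-joined fields, hex encoded."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def issue_credential(issuer, subject, attribute):
    """An issuer asserts one attribute about a subject (a signed attribute credential)."""
    return {"iss": issuer, "sub": subject, "attr": attribute,
            "mac": _mac(TRUSTED_ISSUERS[issuer], issuer, subject, attribute)}


def verify_credential(cred):
    """Accept only credentials from trusted issuers whose MAC checks out."""
    key = TRUSTED_ISSUERS.get(cred["iss"])
    if key is None:
        return False
    expected = _mac(key, cred["iss"], cred["sub"], cred["attr"])
    return hmac.compare_digest(expected, cred["mac"])


def broker_authorize(subject, credentials, resource, now=None):
    """Broker side of a one-round negotiation: returns an access token, or None."""
    now = int(time.time()) if now is None else now
    required = POLICIES.get(resource)
    if required is None:
        return None
    # Only attributes asserted about this subject by a trusted issuer count.
    proven = {c["attr"] for c in credentials
              if c["sub"] == subject and verify_credential(c)}
    if not required <= proven:
        return None  # policy unsatisfied; a real negotiation would request more credentials
    payload = {"sub": subject, "res": resource, "exp": now + TOKEN_TTL,
               "nonce": os.urandom(8).hex()}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    return body + "." + _mac(BROKER_KEY, body)


def gateway_check(token, resource, now=None):
    """Legacy-side gateway: validates a token with no knowledge of credentials or policies."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    if not hmac.compare_digest(_mac(BROKER_KEY, body), tag):
        return False  # forged or tampered token
    payload = json.loads(base64.urlsafe_b64decode(body))
    # Bind the token to the resource it was issued for and enforce expiry.
    return payload["res"] == resource and payload["exp"] > now


if __name__ == "__main__":
    creds = [issue_credential("issuer:univ-A", "alice", "role:researcher"),
             issue_credential("issuer:consortium-A", "alice", "member:consortium-A")]
    resource = "gridftp://data.example.org/genomics"
    token = broker_authorize("alice", creds, resource)
    print("token issued:", token is not None)
    print("gateway accepts:", gateway_check(token, resource))
    print("other resource:", gateway_check(token, "ssh://login.example.org"))
```

Two checks matter most when adapting this pattern: the gateway must compare the MAC in constant time and must verify the resource binding and expiry, not just the MAC, otherwise a token issued for one resource can be replayed against another; and the broker must ignore credentials whose subject is not the requester, otherwise a credential issued to someone else satisfies the policy on their behalf.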