Trust-X: A Peer-to-Peer Framework for Trust Establishment. Elisa Bertino, et al. Presented by: Carlos Caicedo.

Presentation transcript:

Trust-X: A Peer-to-Peer Framework for Trust Establishment. Elisa Bertino, et al. Presented by: Carlos Caicedo

Introduction
- Trust establishment via trust negotiation
- Exchange of digital credentials
- Credential exchange has to be protected
- Policies for credential disclosure
- Claim: current approaches to trust negotiation don't provide a comprehensive solution that takes into account all phases of the negotiation process

Trust Negotiation model (diagram): the client and the server each hold a Policy Base and a Subject Profile; the client sends a resource request, the two sides exchange policies and credentials, and the resource is granted.

Trust-X
- XML-based system
- Designed for a peer-to-peer environment: both parties are equally responsible for negotiation management, and either party can act as a requester or a controller of a resource
- X-TNL: XML-based language for specifying certificates and policies

Trust-X (2)
- Certificates are of two types:
  - Credentials: state personal characteristics of the owner and are certified by a CA
  - Declarations: collect personal information about the owner that does not need to be certified
- Trust tickets (X-TNL): used to speed up negotiations for a resource when access was granted in a previous negotiation
- Support for policy pre-conditions
- Negotiation conducted in phases

Trust-X (3) (figure): a) an example credential; b) an example declaration

The basic Trust-X system (diagram): each peer (Alice, Bob) runs a Tree Manager and a Compliance Checker, backed by its X-Profile and its Policy Database.

Message exchange in a Trust-X negotiation (diagram, Alice as requester and Bob as controller of the resource):
- INTRODUCTORY PHASE: preliminary information exchange; service request from Alice, prerequisite acknowledge from Bob
- POLICY EXCHANGE: bilateral disclosure of policies; each side matches the other's disclosure policies
- CREDENTIAL DISCLOSURE: actual credential disclosure; credentials and/or declarations flow in both directions
- RESOURCE DISCLOSURE: service granted

Disclosure Policies
- "They state the conditions under which a resource can be released during a negotiation"
- Prerequisites: associated with a policy, a prerequisite is a set of alternative disclosure policies, at least one of which must be satisfied before the policy it refers to is disclosed.

Modeling negotiation: logic formalism
- P(): a credential type; C: a set of conditions; P(C): a term
- A policy is expressed as R ← P1(c), P2(c), where R is the resource the policy refers to and the terms on the right are the requested certificates
- Disclosure policies are expressed in terms of logical expressions which can specify either simple or composite conditions against certificates.
Slide from:

Example: Consider a rental car service. The service is free for the employees of the Corrier company. Moreover, the rental company already knows Corrier employees and has a digital copy of their driving licences. Thus, it only asks the employees for the company badge and a valid copy of the ID card, to double-check the ownership of the badge. By contrast, the rental service is available on payment for unknown requesters, who have to submit first a digital copy of their driving licence and then a valid credit card. These requirements can be formalized as follows:

Example (2)

Trust-X negotiation

Negotiation Tree
- Used in the policy evaluation phase
- Maintains the progress of a negotiation
- Used to identify at least one possible trust sequence that can lead to success in a negotiation (a view)
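The rental-car policies from the example and the negotiation-tree walk over alternative policies, as an added Python toy model (not code from the Trust-X project). The policy base, certificate types and attribute names (CorrierBadge, IdCard, DrivingLicence, CreditCard and their fields) are constructed for illustration, and the credit-card policy carries the driving-licence policy as its prerequisite.

```python
from typing import Callable, Dict, List, Optional, Tuple

# A certificate is (type, attributes); credentials are CA-certified, declarations
# self-asserted. This toy model only matches terms and verifies no signatures.
Cert = Tuple[str, Dict[str, str]]
Term = Tuple[str, Callable[[Dict[str, str]], bool]]  # P(C): type P with condition C

class Policy:
    """Disclosure policy R <- P1(C), ..., Pn(C). `prereqs` lists alternative
    policies, one of which must be satisfied before this policy is disclosed."""
    def __init__(self, resource: str, terms: List[Term], prereqs=()):
        self.resource, self.terms, self.prereqs = resource, terms, list(prereqs)

    def evaluate(self, profile: List[Cert]) -> Optional[List[Cert]]:
        """Ordered disclosures satisfying the prerequisite, then the terms; else None."""
        view: List[Cert] = []
        if self.prereqs:  # at least one alternative prerequisite must hold first
            pre = next((v for v in (p.evaluate(profile) for p in self.prereqs) if v), None)
            if pre is None:
                return None
            view.extend(pre)
        for ctype, cond in self.terms:
            cert = next((c for c in profile if c[0] == ctype and cond(c[1])), None)
            if cert is None:
                return None
            view.append(cert)
        return view

def negotiate(resource: str, policy_base: List[Policy], profile: List[Cert]):
    """Walk the alternative policies for `resource` (the negotiation tree) and
    return the first trust sequence (a view) that succeeds, or None."""
    for pol in policy_base:
        if pol.resource == resource:
            view = pol.evaluate(profile)
            if view is not None:
                return view
    return None

# Constructed rental-car policy base; certificate and attribute names are illustrative.
licence_first = Policy("RentalCar", [("DrivingLicence", lambda a: a.get("valid") == "yes")])
RENTAL_POLICIES = [
    # Corrier employees: company badge plus a valid ID card to double-check ownership.
    Policy("RentalCar", [("CorrierBadge", lambda a: a.get("issuer") == "Corrier"),
                         ("IdCard", lambda a: a.get("valid") == "yes")]),
    # Unknown requesters: the credit-card policy is only reached after the licence prerequisite.
    Policy("RentalCar", [("CreditCard", lambda a: a.get("expired") == "no")],
           prereqs=[licence_first]),
]

EMPLOYEE = [("CorrierBadge", {"issuer": "Corrier"}), ("IdCard", {"valid": "yes"})]
VISITOR = [("CreditCard", {"expired": "no"}), ("DrivingLicence", {"valid": "yes"})]
```

For the visitor profile the returned view lists the driving licence before the credit card, mirroring the prerequisite ordering; a profile holding a credit card but no licence yields no view at all, so the card policy is never disclosed.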

Negotiation Tree (2)

Comparison of Trust Negotiation Systems