Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos Caicedo.

Published byMarcus Greer Modified over 9 years ago

Similar presentations

Presentation on theme: "Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos Caicedo."— Presentation transcript:

1 Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos Caicedo

2 Introduction Trust establishment via trust negotiation Exchange of digital credentials Credential exchange has to be protected Policies for credential disclosure Claim: Current approaches to trust negotiation don’t provide a comprehensive solution that takes into account all phases of the negotiation process

3 Trust Negotiation model Client Policy Base Server Policy Base Resource request Policies Subject Profile Resource granted Credentials

4 Trust-X XML-based system Designed for a peer-to-peer environment Both parties are equally responsible for negotiation management. Either party can act as a requester or a controller of a resource X-TNL: XML based language for specifying certificates and policies

5 Trust-X (2) Certificates: They are of two types Credentials: States personal characteristics of its owner and is certified by a CA Declarations: collect personal information about its owner that does not need to be certified Trust tickets (X-TNL) Used to speed up negotiations for a resource when access was granted in a previous negotiation Support for policy pre-conditions Negotiation conducted in phases

6 Trust-X (3) a) Credential b) Declaration

7 The basic Trust- X system Tree TreeManager Manager X Profile Policy Database ComplianceChecker ComplianceChecker AliceBob

8 Bob Prerequisite acknowledge Match disclosure policies Alice Request RESOURCE DISCLOSURE Message exchange in a Trust- X negotiation POLICY EXCHANGE Bilateral disclosure of policies INTRODUCTORY PHASE Preliminary Information exchange CREDENTIAL DISCLOSURE Actual credential disclosure Service request Credential and/or Declaration Disclosure policies Service granted Disclosure policies Credential and/or Declaration

9 Disclosure Policies “They state the conditions under which a resource can be released during a negotiation” Prerequisites – associated to a policy, it’s a set of alternative disclosure policies that must be satisfied before the disclosure of the policy they refer to.

10 Modeling negotiation: logic formalism P() credential type C set of conditions P(C) TERM R  P 1 (c), P 2 (c) Policy expressed as Resource which the policy refers to Requested certificates Disclosure policies are expressed in terms of logical expressions which can specify either simple or composite conditions against certificates. Slide from: http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt

11 Example Consider a Rental Car service. The service is free for the employees of Corrier company. Moreover, the Company already knows Corrier employees and has a digital copy of their driving licenses. Thus, it only asks the employees for the company badge and a valid copy of the ID card, to double check the ownership of the badge. By contrast, rental service is available on payment for unknown requesters, who have to submit first a digital copy of their driving licence and then a valid credit card. These requirements can be formalized as follows:

12 Example (2)

13 Trust-X negotiation

14 Negotiation Tree Used in the policy evaluation phase Maintains the progress of a negotiation Used to identify at least a possible trust sequence that can lead to success in a negotiation (a view)

15 Negotiation Tree (2)

16 Comparison of Trust Negotiation Systems

17

Download ppt "Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos Caicedo."

Similar presentations

What is. Digital Certificate It is an identity.

What is. Digital Certificate It is an identity.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Automatic Trust Negotiation 1Dennis Kafura – CS5204 – Operating Systems.

Automatic Trust Negotiation 1Dennis Kafura – CS5204 – Operating Systems.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Agenda Trust negotiation frameworks Introduction TrustBuilder Trust-X Laboratory assignment #2 IPSec review IPSec connections and configuration requirements.

Agenda Trust negotiation frameworks Introduction TrustBuilder Trust-X Laboratory assignment #2 IPSec review IPSec connections and configuration requirements.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.
Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Similar presentations

Ads by Google