Automatic Trust Negotiation
Transcript of Automatic Trust Negotiation
![Page 1: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/1.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Automatic Trust Negotiation
Rajesh Gangam, http://people.cs.vt.edu/~gangamra/index.html
![Page 2: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/2.jpg)
Quick Facts of Logic / Deductive Language
- Predicates p and q, each True or False.
- Is p OR q ⇔ NOT((NOT p) AND (NOT q))? Yes! With “logical NOT” and “logical AND” you can make any logic statement.
- Positive rules, or Horn clauses: no NOT statement, only “logical AND”.
![Page 3: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/3.jpg)
Demo of PROTUNE: http://policy.l3s.uni-hannover.de:9080/policyFramework/protune/demo.html
![Page 4: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/4.jpg)
No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web.
Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent E. Seamons, Marianne Winslett
![Page 5: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/5.jpg)
Overview
- Problem
- Solution
- Trust Negotiation
- Guarded Distributed Logic Programs
- “PeerTrust” execution environment
- Application scenario
![Page 6: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/6.jpg)
Problems in Web Resource Access
- Registration, login/password: no automation.
- Trust based on shared information of the service: one-way trust.
- Two-way trust / conditional disclosure; multiple levels of trust; validity of information; no standards.
![Page 7: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/7.jpg)
Proposal/Solution: policy-based access control; automated trust negotiation.
[Diagram labels: Semantic Web, User, Trust, User, Trust]
![Page 8: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/8.jpg)
Trust Negotiation: Digital Credentials
- Credential issuer; X.509 certificates; anonymous credentials / zero knowledge.
- Simplest form: signed XML statements.
![Page 9: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/9.jpg)
Trust Negotiation vs Traditional Trust
- Mutual trust with digital credentials.
- Resources protected by ACL include services, roles, credentials, policies, capabilities.
- Equivalent peer-to-peer trust.
![Page 10: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/10.jpg)
Goal: resource “R” and credentials “C”. R ← C1 AND C2 AND … AND Ck
![Page 11: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/11.jpg)
PeerTrust: Guarded Distributed Logic Program (PeerTrust logic program, distributed logic program, guarded logic program)
![Page 12: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/12.jpg)
PeerTrust Logic Program: it is a Horn-clause program, with no negative rules.
![Page 13: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/13.jpg)
Distributed Logic Program: references to other peers.
- Issuer argument: delegation of the rule evaluation to the peer / third party (like RPC, remote procedure call). Nested references (like nested RPC). Attached to the evaluation part of the string.
- Requester argument: nested references. Attached to the result part of the string.
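The rule form R ← C1 AND … AND Ck from the earlier slide and the delegation of a body literal to another peer described here can be exercised with a small evaluator. The block below is an added, constructed example, not code from the slides, the paper or the PeerTrust system: the peer names (elearn, university), the credential atoms, and the "atom@peer" notation for delegation are assumptions chosen for illustration, loosely modelled on the issuer-argument idea rather than on PeerTrust's real syntax.

```python
"""Toy evaluator for positive Horn-clause policies distributed across peers.

Constructed illustration (not the PeerTrust implementation or the paper's code).
It models three things the slides describe:
  * a policy is a set of positive rules  head <- body_1, ..., body_n  (no NOT),
  * a body literal written  "atom@peer"  delegates evaluation of that atom to
    another peer, like a remote procedure call (the "issuer argument"),
  * every derived literal is recorded as negotiation history, the material an
    explanation would be built from.
Peer, resource and credential names below are made up.
"""
from typing import Dict, List, Optional, Tuple

Rule = Tuple[str, Tuple[str, ...]]   # (head atom, body literals)
Policy = List[Rule]
Step = Tuple[str, str]               # (peer that derived it, atom)


def fact(atom: str) -> Rule:
    """A rule with an empty body: unconditionally true at the peer holding it."""
    return (atom, ())


def split_literal(lit: str) -> Tuple[str, Optional[str]]:
    """'student(alice)@university' -> ('student(alice)', 'university');
    a literal without '@' is evaluated locally."""
    atom, sep, peer = lit.partition("@")
    return atom, (peer if sep else None)


class Network:
    """A set of peers, each holding its own local policy."""

    def __init__(self, policies: Dict[str, Policy]) -> None:
        self.policies = {name: list(rules) for name, rules in policies.items()}

    def add_rule(self, peer: str, rule: Rule) -> None:
        self.policies.setdefault(peer, []).append(rule)

    def prove(self, peer: str, atom: str, history: List[Step],
              stack: Tuple[Step, ...] = ()) -> bool:
        """Backward chaining over positive rules with cycle detection.
        On success the derivation steps are appended to `history`; on failure
        nothing partial is left behind."""
        if peer not in self.policies or (peer, atom) in stack:
            return False          # unknown peer, or a goal already being proved
        for head, body in self.policies[peer]:
            if head != atom:
                continue
            mark = len(history)
            for lit in body:
                sub_atom, issuer = split_literal(lit)
                target = issuer if issuer is not None else peer
                if not self.prove(target, sub_atom, history, stack + ((peer, atom),)):
                    del history[mark:]   # discard steps of a failed rule
                    break
            else:
                history.append((peer, atom))
                return True
        return False

    def negotiate(self, peer: str, resource: str) -> Tuple[bool, List[Step]]:
        """Ask `peer` whether `resource` is granted; return the decision and
        the negotiation history behind it."""
        history: List[Step] = []
        return self.prove(peer, resource, history), history


# Constructed sample policies: an e-learning site grants a course to anyone
# its university peer confirms as a student, provided they have paid.
SAMPLE_POLICIES: Dict[str, Policy] = {
    "elearn": [
        ("access(course101,alice)", ("student(alice)@university", "paid(alice)")),
        ("access(course101,bob)", ("student(bob)@university", "paid(bob)")),
        fact("paid(alice)"),
        fact("paid(bob)"),
    ],
    "university": [
        ("student(alice)", ("enrolled(alice)",)),
        ("student(bob)", ("enrolled(bob)",)),
        fact("enrolled(alice)"),      # bob has no enrollment record
    ],
}


if __name__ == "__main__":
    net = Network(SAMPLE_POLICIES)
    for who in ("alice", "bob"):
        granted, steps = net.negotiate("elearn", f"access(course101,{who})")
        print(who, "granted" if granted else "denied", steps)
```

Delegation to a peer that does not exist fails closed, and because the rules are positive (no negation), adding a rule at any peer can only add derivations, never retract one; the cycle check on `stack` keeps mutually recursive rules from looping.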
![Page 14: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/14.jpg)
Distributed Logic Program: Local Rules
- ACL rules; party-specific rules; cached rules (needs signed rules).
- Signed rules: rules can be signed; reference rules should/must be signed.
![Page 15: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/15.jpg)
Guarded Logic: Guards
- Precedence order of rules, as in parallel logic programming systems.
- Public and private predicates: object-oriented rules.
![Page 16: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/16.jpg)
![Page 17: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/17.jpg)
Execution Environment
- Dynamic policy for each resource.
- Acts on meta-data; security infrastructure.
![Page 18: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/18.jpg)
Conclusion: the problem of explicit registration is solved; Guarded Distributed Logic Programs are developed.
![Page 19: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/19.jpg)
A Flexible Policy-Driven Trust Negotiation Model
De Coi, J. L. and Olmedilla, D.
![Page 20: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/20.jpg)
Overview
- Problem
- Negotiation Requirements
- Negotiation Model
- Conclusion
![Page 21: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/21.jpg)
Problem
- Numerous trust negotiation software, with dissimilar features and dissimilar scenarios.
- Need for a generic model.
![Page 22: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/22.jpg)
Negotiation Requirements
- Negotiation: Actors (+), External Actions (+), Notifications (+), Local Actions (+), Action Selection Function (+)
- Policy: Policy Filtering (-), Termination Algorithm (-), Explanation (-)
![Page 23: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/23.jpg)
Negotiation Model
- Policy: set of rules; no negation applied to any predicate.
- Negotiation message: policy, notifications.
- Negotiation history: to provide an explanation.
![Page 24: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/24.jpg)
Negotiation Model: Negotiation State Machine
- To identify the next steps.
- Bilateral negotiation.
- No empty negotiations (empty = no new information).
- Monotonic: any other rules added will not change from False to True.
![Page 25: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/25.jpg)
Conclusion: summarized the main features any trust negotiation software should follow.
![Page 26: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/26.jpg)
Discussion
- Semi-automatic negotiations? Users will have better control, but it will be visible to the user; how easy would the usability be?
- No usability tests done? What could be the possible usability tests?
![Page 27: Automatic Trust Negotiation](https://reader036.fdocuments.in/reader036/viewer/2022062815/5681692b550346895de06ce0/html5/thumbnails/27.jpg)
THANK YOU