Abstract
Trust management systems provide a flexible way to perform decentralized security management. However, most trust management systems only support monotonic policies. Compared with non-monotonic policies, monotonic ones are less flexible and cannot express policies such as “Chinese wall policies” and “separation of duties”. To support non-monotonic policies, trust management systems must be able to correctly identify which of the credentials required by the policies a subject has. Previous efforts address the problem by letting the system query the issuers directly to verify the possession status of the credentials, but this approach can violate the subject’s privacy. The main contribution of this paper is a cryptographic credential verification scheme for non-monotonic trust management systems that can correctly identify the credentials that a subject has while also protecting the subject’s privacy. We also analyze the security of the scheme and prove that, with correct construction and under certain cryptographic assumptions, the scheme is secure.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dong, C., Russello, G., Dulay, N. (2007). Privacy-Preserving Credential Verification for Non-monotonic Trust Management Systems. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_15
DOI: https://doi.org/10.1007/978-3-540-73986-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73985-2
Online ISBN: 978-3-540-73986-9
eBook Packages: Computer Science (R0)