Abstract
To date, research in trust negotiation has focused mainly on the theoretical aspects of the trust negotiation process, and the development of proof of concept implementations. These theoretical works and proofs of concept have been quite successful from a research perspective, and thus researchers must now begin to address the systems constraints that act as barriers to the deployment of these systems. To this end, we present TrustBuilder2, a fully-configurable and extensible framework for prototyping and evaluating trust negotiation systems. TrustBuilder2 leverages a plug-in based architecture, extensible data type hierarchy, and flexible communication protocol to provide a framework within which numerous trust negotiation protocols and system configurations can be quantitatively analyzed. In this paper, we discuss the design and implementation of TrustBuilder2, study its performance, examine the costs associated with flexible authorization systems, and leverage this knowledge to identify potential topics for future research, as well as a novel method for attacking trust negotiation systems.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Becker, M.Y., Sewell, P.: Cassandra: Distributed access control policies with tunable expressiveness. In: 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), pp. 159–168 (2004)
Bertino, E., Ferrari, E., Squicciarini, A.C.: X -TNL: An XML-based language for trust negotiations. In: 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2003) (2003)
Bertino, E., Ferrari, E., Squicciarini, A.C.: Trust-X: A peer-to-peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering 16(7), 827–842 (2004)
Bonatti, P., Samarati, P.: Regulating service access and information release on the web. In: 7th ACM Conference on Computer and Communications Security, pp. 134–143 (2000)
Bonatti, P.A., Olmedilla, D.: Driving and monitoring provisional trust negotiation with metapolicies. In: Proceedings of the Sixth IEEE Workshop on Policies for Distributed Systems and Networks (POLICY 2005), June 2005, pp. 14–23 (2005)
Cantor, S., Kemp, J., Philpott, R., Maler, E. (eds.): Assertions and protocols for the OASIS security assertion markup language (SAML V2.0). OASIS Standard (March 2005), http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
De Coi, J.L., Olmedilla, D.: A flexible policy-driven trust negotiation model. In: Proceedings of the IEEE/WIC/ACM International Conference on Intelligent Agent Technology, November 2007, pp. 450–453 (2007)
Herzberg, A., Mass, Y., Michaeli, J., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: assigning roles to strangers. In: IEEE Symposium on Security and Privacy (May 2000)
Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K.E., Smith, B.: Advanced client/server authentication in TLS. In: Network and Distributed Systems Security Symposium (February 2002)
Housely, R., Ford, W., Polk, T., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF Request for Comments RFC-2459 (January 1999)
Koshutanski, H., Massacci, F.: Interactive access control for web services. In: 19th IFIP Information Security Conference (SEC), August 2004, pp. 151–166 (2004)
Koshutanski, H., Massacci, F.: An interactive trust management and negotiation scheme. In: 2nd International Workshop on Formal Aspects in Security and Trust (FAST), August 2004, pp. 139–152 (2004)
Koshutanski, H., Massacci, F.: Interactive credential negotiation for stateful business processes. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 256–272. Springer, Heidelberg (2005)
Lee, A.J.: Towards Practical and Secure Decentralized Attribute-Based Authorization Systems. PhD thesis, University of Illinois at Urbana-Champaign (July 2008)
Lee, A.J., Winslett, M.: Towards and efficient and language-agnostic compliance checker for trust negotiation systems. In: 3rd ACM Symposium on Information, Computer, and Communication Security (ASIACCS 2008) (March 2008)
Lee, A.J., Winslett, M., Basney, J., Von Welch: The Traust authorization service. ACM Transactions on Information and System Security 11(1) (February 2008)
Li, J., Li, N., Wang, X., Yu, T.: Denial of service attacks and defenses in decentralized trust management. In: 2nd International Conference on Security and Privacy in Communication Networks (SecureComm) (August 2006)
Li, N., Mitchell, J.: RT: A role-based trust-management framework. In: 3rd DARPA Information Survivability Conference and Exposition (April 2003)
Moses, T.: XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard (February 2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Nejdl, W., Olmedilla, D., Winslett, M.: Peertrust: Automated trust negotiation for peers on the semantic web. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, pp. 118–132. Springer, Heidelberg (2004)
Novotny, J., Tuecke, S., Von Welch: An online credential repository for the grid: MyProxy. In: 10th International Symposium on High Performance Distributed Computing (HPDC-10) (August 2001)
Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.E.: Adaptive trust negotiation and access control. In: 10th ACM Symposium on Access Control Models and Technologies (June 2005)
Smith, B., Seamons, K.E., Jones, M.D.: Responding to policies at runtime in TrustBuilder. In: 5th International Workshop on Policies for Distributed Systems and Networks (POLICY 2004) (June 2004)
van der Horst, T.W., Seamons, K.E.: Short paper: Thor — the hybrid online repository. In: 1st IEEE International Conference on Security and Privacy for Emerging Areas in Communications Networks (September 2005)
Winsborough, W.H., Seamons, K.E., Jones, V.E.: Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition (January 2000)
Winslett, M., Yu, T., Seamons, K.E., Hess, A., Jacobson, J., Jarvis, R., Smith, B., Yu, L.: Negotiating trust on the web. IEEE Internet Computing 6(6), 30–37 (2002)
Winslett, M., Zhang, C., Bonatti, P.A.: PeerAccess: A logic for distributed authorization. In: 12th ACM Conference on Computer and Communications Security (CCS 2005) (November 2005)
Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security 6(1) (February 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Lee, A.J., Winslett, M., Perano, K.J. (2009). TrustBuilder2: A Reconfigurable Framework for Trust Negotiation. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds) Trust Management III. IFIPTM 2009. IFIP Advances in Information and Communication Technology, vol 300. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02056-8_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-02056-8_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02055-1
Online ISBN: 978-3-642-02056-8
eBook Packages: Computer ScienceComputer Science (R0)