Receipt-mode trust negotiation: efficient authorization through outsourced interactions

Authors:
Andrew K. Adams;Adam J. Lee;Daniel Mossé
Affiliations:
Pittsburgh Supercomputing Center and University of Pittsburgh;University of Pittsburgh;University of Pittsburgh
Venue:
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Year:
2011

Citing 11
Cited 0

Regulating service access and information release on the Web

Proceedings of the 7th ACM conference on Computer and communications security
Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

ACM Transactions on Information and System Security (TISSEC)
Negotiating Trust on the Web

IEEE Internet Computing
DOS-Resistant Authentication with Client Puzzles

Revised Papers from the 8th International Workshop on Security Protocols
X -TNL: An XML-based Language for Trust Negotiations

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Trust-X: A Peer-to-Peer Framework for Trust Establishment

IEEE Transactions on Knowledge and Data Engineering
Cassandra: Distributed Access Control Policies with Tunable Expressiveness

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
New client puzzle outsourcing techniques for DoS resistance

Proceedings of the 11th ACM conference on Computer and communications security
Adaptive trust negotiation and access control

Proceedings of the tenth ACM symposium on Access control models and technologies
PeerAccess: a logic for distributed authorization

Proceedings of the 12th ACM conference on Computer and communications security
Towards an efficient and language-agnostic compliance checker for trust negotiation systems

Proceedings of the 2008 ACM symposium on Information, computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In trust negotiation approaches to authorization, previously unacquainted entities establish trust in one another gradually via the bilateral and iterative exchange of policies and digital credentials. Although this affords resource providers with an expressive means of access control for open systems, the trust negotiation process incurs non-trivial computational and communications costs. In this paper, we propose Receipt-Mode Trust Negotiation (RMTN) as a means of mitigating the performance penalties on servers that use trust negotiation. RMTN provides a means of off-loading the majority of the trust negotiation process to delegated receipt-generating helper servers. RMTN ensures that helpers produce correct trust negotiation protocol receipts, and that the helpers are incapable of impersonating the resource server outside of the RMTN protocol. We describe an initial implementation of our RMTN protocol on a Linux testbed, discuss the security of this protocol, and present experimental results indicating that the receipt-mode protocol does indeed enhance the performance of resource servers that rely on trust negotiation approaches to authorization.