Regulating service access and information release on the Web
Proceedings of the 7th ACM conference on Computer and communications security
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Policy algebras for access control: the propositional case
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Interoperable strategies in automated trust negotiation
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Distributed credential chain discovery in trust management: extended abstract
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Policy algebras for access control the predicate case
Proceedings of the 9th ACM conference on Computer and communications security
IEEE Internet Computing
Protecting sensitive attributes in automated trust negotiation
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Authorization and Attribute Certificates for Widely Distributed Access Control
WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
KeyNote: Trust Management for Public-Key Infrastructures (Position Paper)
Proceedings of the 6th International Workshop on Security Protocols
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Policy migration for sensitive credentials in trust negotiation
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Trust Negotiations: Concepts, Systems, and Languages
Computing in Science and Engineering
Collaborative Automated Trust Negotiation in Peer-to-Peer Systems
P2P '04 Proceedings of the Fourth International Conference on Peer-to-Peer Computing
KNOW Why your access was denied: regulating feedback for usable security
Proceedings of the 11th ACM conference on Computer and communications security
Concealing complex policies with hidden credentials
Proceedings of the 11th ACM conference on Computer and communications security
Policy-hiding access control in open environment
Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing
Preventing attribute information leakage in automated trust negotiation
Proceedings of the 12th ACM conference on Computer and communications security
Automated trust negotiation using cryptographic credentials
Proceedings of the 12th ACM conference on Computer and communications security
Access control management in a distributed environment supporting dynamic collaboration
Proceedings of the 2005 workshop on Digital identity management
Achieving Privacy in Trust Negotiations with an Ontology-Based Approach
IEEE Transactions on Dependable and Secure Computing
Oblivious signature-based envelope
Distributed Computing
Attribute-Based Access Control with Hidden Policies and Hidden Credentials
IEEE Transactions on Computers
Safety in automated trust negotiation
ACM Transactions on Information and System Security (TISSEC)
Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Trust Negotiations with Customizable Anonymity
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Trust management services in relational databases
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A Negotiation Scheme for Access Rights Establishment in Autonomic Communication
Journal of Network and Systems Management
ROST: Remote and hot service deployment with trustworthiness in CROWN Grid
Future Generation Computer Systems
Managing Impacts of Security Protocol Changes in Service-Oriented Applications
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Trust Negotiation in Identity Management
IEEE Security and Privacy
PP-trust-X: A system for privacy preserving trust negotiations
ACM Transactions on Information and System Security (TISSEC)
Private and Secure Service Discovery via Progressive and Probabilistic Exposure
IEEE Transactions on Parallel and Distributed Systems
Interactive access control for autonomic systems: From theory to implementation
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
A privacy-aware access control system
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Private Information: To Reveal or not to Reveal
ACM Transactions on Information and System Security (TISSEC)
Minimal credential disclosure in trust negotiations
Proceedings of the 4th ACM workshop on Digital identity management
Identity-based long running negotiations
Proceedings of the 4th ACM workshop on Digital identity management
Automated trust negotiation using cryptographic credentials
ACM Transactions on Information and System Security (TISSEC)
A negotiation-based trust establishment service for CROWN grid
International Journal of Autonomous and Adaptive Communications Systems
Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project
Journal of Computer Security - EU-Funded ICT Research on Trust and Security
An introduction to trust negotiation
iTrust'03 Proceedings of the 1st international conference on Trust management
Privacy-preserving credentials upon trusted computing augmented servers
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Preventing unofficial information propagation
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Privacy-preserving trust verification
Proceedings of the 15th ACM symposium on Access control models and technologies
A secure collaboration service for dynamic virtual organizations
Information Sciences: an International Journal
Achieving secure, scalable, and fine-grained data access control in cloud computing
INFOCOM'10 Proceedings of the 29th conference on Information communications
Trust establishment in the formation of Virtual Organizations
Computer Standards & Interfaces
Fine-grained disclosure of access policies
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Oblivious transfer with hidden access control policies
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Point-based trust: define how much privacy is worth
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Early experience of remote and hot service deployment with trustworthiness in CROWN grid
APPT'05 Proceedings of the 6th international conference on Advanced Parallel Processing Technologies
Privacy-Preserving trust negotiations
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
EDBT'04 Proceedings of the 2004 international conference on Current Trends in Database Technology
A new approach to hide policy for automated trust negotiation
IWSEC'06 Proceedings of the 1st international conference on Security
Privacy in the electronic society
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Anonymity preserving techniques in trust negotiations
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
Integrating trust management and access control in data-intensive Web applications
ACM Transactions on the Web (TWEB)
An XML-based protocol for improving trust negotiation between Web Services
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Sustainable interoperability on space mission feasibility studies
Computers in Industry
Policy-driven role-based access management for ad-hoc collaboration
Journal of Computer Security
| Hi-index | 0.00 |
Automated trust negotiation is an approach to establishingtrust between strangers through iterative disclosure ofdigital credentials. In automated trust negotiation, accesscontrol policies play a key role in protecting resources fromunauthorized access. Unlike in traditional trust managementsystems, the access control policy for a resource isusually unknown to the party requesting access to the resource,when trust negotiation starts. The negotiating partiescan rely on policy disclosures to learn each other's accesscontrol requirements. However, a policy itself may alsocontain sensitive information. Disclosing policies' contentsunconditionally may leak valuable business information orjeopardize individuals' privacy. In this paper, we proposeUniPro, a unified scheme to model protection of resources,including policies, in trust negotiation. UniPro improves onprevious work by modeling policies as first-class resources,protecting them in the same way as other resources, providingfine-grained control over policy disclosure, and clearlydistinguishing between policy disclosure and policy satisfaction,which gives users more flexibility in expressing theirauthorization requirements. We also show that UniPro canbe used with practical negotiation strategies without jeopardizingautonomy in the choice of strategy, and present criteriaunder which negotiations using UniPro are guaranteedto succeed in establishing trust.