Adaptive trust negotiation and access control

Authors:
Tatyana Ryutov;Li Zhou;Clifford Neuman;Travis Leithead;Kent E. Seamons
Affiliations:
University of Southern California, Marina del Rey, CA;University of Southern California, Marina del Rey, CA;University of Southern California, Marina del Rey, CA;Brigham Young University, Provo, UT;Brigham Young University, Provo, UT
Venue:
Proceedings of the tenth ACM symposium on Access control models and technologies
Year:
2005

Citing 10
Cited 23

A uniform framework for regulating service access and information release on the web

Journal of Computer Security
Negotiating Trust on the Web

IEEE Internet Computing
Towards Practical Automated Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The Specification and Enforcement of Advanced Security Policies

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Trust-X: A Peer-to-Peer Framework for Trust Establishment

IEEE Transactions on Knowledge and Data Engineering
Cassandra: Distributed Access Control Policies with Tunable Expressiveness

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Model-Driven Trust Negotiation for Web Services

IEEE Internet Computing
Integrated access control and intrusion detection for Web servers

IEEE Transactions on Parallel and Distributed Systems

A note on the anatomy of federation

BT Technology Journal
Traust: a trust negotiation-based authorization service for open systems

Proceedings of the eleventh ACM symposium on Access control models and technologies
Managing Impacts of Security Protocol Changes in Service-Oriented Applications

ICSE '07 Proceedings of the 29th international conference on Software Engineering
Adaptive Trust Negotiation and Access Control for Grids

GRID '05 Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing
A Survey of Approaches to Adaptive Application Security

SEAMS '07 Proceedings of the 2007 International Workshop on Software Engineering for Adaptive and Self-Managing Systems
Collaborative Detection of DDoS Attacks over Multiple Network Domains

IEEE Transactions on Parallel and Distributed Systems
Harvesting credentials in trust negotiation as an honest-but-curious adversary

Proceedings of the 2007 ACM workshop on Privacy in electronic society
The Traust Authorization Service

ACM Transactions on Information and System Security (TISSEC)
A privacy-aware access control system

Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Federation proxy for cross domain identity federation

Proceedings of the 5th ACM workshop on Digital identity management
A Genetic Algorithms-Based Approach for Optimized Self-protection in a Pervasive Service Middleware

ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project

Journal of Computer Security - EU-Funded ICT Research on Trust and Security
Context sensitive adaptive authentication

EuroSSC'07 Proceedings of the 2nd European conference on Smart sensing and context
Obligations for privacy and confidentiality in distributed transactions

EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
Initial trust formation in Virtual Organisations

International Journal of Internet Technology and Secured Transactions
Supporting privacy preferences in credential-based interactions

Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Receipt-mode trust negotiation: efficient authorization through outsourced interactions

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Modeling and negotiating service quality

Service research challenges and solutions for the future internet
Requirements for identity management from the perspective of multilateral interactions

Digital privacy
A framework for flexible access control in digital library systems

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
A requirements-driven trust framework for secure interoperation in open environments

iTrust'06 Proceedings of the 4th international conference on Trust Management
Privacy in the electronic society

ICISS'06 Proceedings of the Second international conference on Information Systems Security
Integrating trust management and access control in data-intensive Web applications

ACM Transactions on the Web (TWEB)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. This paper introduces an Adaptive Trust Negotiation and Access Control (ATNAC) framework to solve these problems. The framework combines two existing systems, TrustBuilder and GAA-API, to create a system with more flexibility and responsiveness to attack than either system currently provides.