Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.

Presentation transcript:

Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations
Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke
L3S Research Center, Leibniz University Hannover, Germany
5th Secure Data Management Workshop, Auckland, New Zealand, August 24, 2008

Outline
1. Policy-driven Trust Negotiations
   - What are they?
   - What are they used for?
   - What can happen that makes preferences necessary?
2. Preferences in Trust Negotiations
   - Modeling Disclosure Sets
   - Modeling Preferences
   - A Preference Model for comparing Disclosure Sets
3. Implementation and Experiments
   - An Implementation guiding a Trust Negotiation
   - Simulating Trust Negotiations

1. Trust Negotiation

Trust Negotiation: how to trust a stranger?
Parties: Alice, on-line book shop
Policies:
- Disclose CreditCard IF Requestor has BBB certificate
- Disclose Book IF Requestor discloses valid CreditCard
- Disclose BBB certificate to any requestor
Exchange:
- request for a book
- "for the book I need a CreditCard"
- "for the CreditCard I need a BBB cert."
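
The exchange on this slide, replayed as an added example (not code from the talk or from Protune): each party maps a resource it holds to the credentials it demands from the other side. Assigning the CreditCard rule to Alice and the other two rules to the book shop is an assumption, as are all function and variable names.

```python
# Added illustration; party/rule assignment and all names are assumptions.
SLIDE_POLICIES = {
    "Alice": {"CreditCard": ["BBB certificate"]},
    "shop": {"Book": ["CreditCard"], "BBB certificate": []},
}


def other(party):
    return "shop" if party == "Alice" else "Alice"


def negotiate(policies, owner, resource, log, pending=frozenset()):
    """Return True if `owner` ends up disclosing `resource` to the other party.

    `pending` holds the (owner, resource) requests still waiting on a
    counter-request, so a cyclic dependency is reported as a deadlock
    instead of recursing forever.
    """
    requester = other(owner)
    if resource not in policies[owner]:
        log.append(f"{owner}: no policy releases {resource}")
        return False
    if (owner, resource) in pending:
        log.append(f"deadlock: {resource} depends on itself")
        return False
    for need in policies[owner][resource]:
        log.append(f"{owner} -> {requester}: for the {resource} I need a {need}")
        if not negotiate(policies, requester, need, log,
                         pending | {(owner, resource)}):
            return False
    log.append(f"{owner} -> {requester}: discloses {resource}")
    return True


def run(policies, owner="shop", resource="Book"):
    """Run one negotiation and return (success, message log)."""
    log = []
    return negotiate(policies, owner, resource, log), log


if __name__ == "__main__":
    ok, messages = run(SLIDE_POLICIES)
    print("\n".join(messages))
    print("negotiation succeeded" if ok else "negotiation failed")
```
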

Trust Negotiation: used for …
Trust Negotiation is used for
- Access control
- Dynamic contracts
  - e.g., in web service composition
- Autonomic computing
- Pervasive environments
  - e.g., sensor networks
- Service-level agreements
  - e.g., more service for certain requestors
- Etc.

Protune – Rule-based Policies on the Semantic Web
- a policy framework developed at L3S Research Center and Naples University
- provides a logic-based, declarative policy language
- features include
  - trust negotiation
  - external actions
    - access to relational databases,
    - RDF stores,
    - file system requests,
    - time and location-aware packages
  - policy explanations
    - "You cannot access because …" (in contrast to just "Access denied.")
Demo at:

The Need for Preferences
What if a policy evaluation has more than one result?
Parties: Alice, on-line book shop
Policies:
- Disclose CreditCard IF Requestor has BBB certificate
- Disclose bank account information IF Requestor has BBB certificate
Exchange:
- request for a book
- "for the book I need a CreditCard or your bank account information"
Which credential? CreditCard or bank account information?
→ exploit user preferences in the negotiation process to decide

It may become even more complex …
[Figure: Alice, on-line book shop, request for a book]

How to decide between the options?
If the system is not aware of any user preferences, it has to ask the user to decide. But the user
- may easily be overwhelmed by so many options.
- may make a bad decision after losing the overview.
- has to decide again for all future negotiations.
- may not be available at all.

2. Preferences in Trust Negotiation

Preference handling
A preference is an order of values with decreasing preference:
- "I prefer English but German is also fine."
- "I prefer to disclose my pay pal account information instead of my credit card number. My bank account information is the last option."
Preferences are known from:
- databases: preference queries
  - [Werner Kießling: Preference SQL: design, implementation, experiences. 2002]
  - [Jan Chomicki: Preference formulas in relational queries. 2003]
- logic programming: preferred answer sets
  - [Gerhard Brewka, Thomas Eiter: Preferred Answer Sets for Extended Logic Programs. 1999]

Preferences in Trust Negotiation
Typically, users have general preferences about which credential to disclose. For example:
- "I prefer to disclose my address instead of my postal address."
- "My postal code together with my date of birth is very sensitive. I prefer to disclose my address instead of these two."
→ an example preference graph:
[Figure: preference graph; label: Quasi identifier]

Preferences of Different Kinds
- total vs. partial order
- quantitative vs. qualitative
- default preference: not disclosing a credential is preferred to disclosing it
- contextual preferences

Modeling Disclosure Sets
Disclosure Sets are represented as Binary Vectors,
e.g., S6 = (0,0,0,0,0,1,0,0,0,1,1) represents the set {ID, CreditCard, PIN}.

Modeling Preferences
Preferences are defined over a subset of dimensions in the disclosure set vectors, e.g.,
- Not disclosing the telephone number is preferred to disclosing the telephone number:
  (x, x, 0, x, x, x, x, x, x, x, x) is preferred to (x, x, 1, x, x, x, x, x, x, x, x)
- If I have to disclose my date of birth, I prefer to disclose my address instead of my postal code:
  (x, 1, x, 1, 0, x, x, x, x, x, x) is preferred to (x, 1, x, 0, 1, x, x, x, x, x, x)
Ceteris paribus: the dimensions marked x are equal (=) in both vectors.
[Figure label: Quasi identifier]

Filtering out Non-Preferred Disclosure Sets
Finding the optimal disclosure set by ruling out non-optimal sets according to Alice's preferences:
- default preference: not disclosing a credential is preferred to disclosing it:
- which credential is preferred to disclose:

Filtering out Non-Preferred Disclosure Sets
S6 ? S10

Filtering out Non-Preferred Disclosure Sets
S1 ? S4

Filtering out Non-Preferred Disclosure Sets
For our example: applying this technique iteratively rules out 10 of the 12 alternatives.
→ user's decision between S1 and S5 may be stored for later negotiations
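
An added sketch of this filtering step, not the authors' implementation: preferences are ceteris paribus rules over binary disclosure vectors, and a candidate is ruled out when another candidate reaches it through a chain of worsening rule applications (composing rules by transitive closure is an assumption of this sketch). Credential positions are inferred from the vectors on the slides; the names c1, c7, c8, c9 and the five candidate sets are constructed.

```python
# Added illustration; not the authors' implementation.
# Positions follow the slides' vectors; c1, c7, c8, c9 are placeholder names.
CREDS = ["c1", "date_of_birth", "telephone", "address", "postal_code",
         "ID", "c7", "c8", "c9", "CreditCard", "PIN"]
IDX = {name: i for i, name in enumerate(CREDS)}


def vec(*disclosed):
    """Binary disclosure vector for a set of credential names."""
    return tuple(1 if c in disclosed else 0 for c in CREDS)


def rule(better, worse):
    """Ceteris paribus rule: the `better` assignment is preferred to `worse`;
    every dimension not mentioned must be equal in both vectors."""
    return ({IDX[k]: v for k, v in better.items()},
            {IDX[k]: v for k, v in worse.items()})


# Default preference: not disclosing a credential beats disclosing it.
RULES = [rule({c: 0}, {c: 1}) for c in CREDS]
# Slide example: if date of birth is disclosed, address beats postal code.
RULES.append(rule({"date_of_birth": 1, "address": 1, "postal_code": 0},
                  {"date_of_birth": 1, "address": 0, "postal_code": 1}))


def worsen(v):
    """Vectors that are exactly one rule application worse than v."""
    for better, worse in RULES:
        if all(v[i] == bit for i, bit in better.items()):
            w = list(v)
            for i, bit in worse.items():
                w[i] = bit
            yield tuple(w)


def dominated_by(v):
    """All vectors reachable from v by chains of worsening steps."""
    seen, stack = set(), [v]
    while stack:
        for w in worsen(stack.pop()):
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return seen


def optimal(candidates):
    """Keep the candidates that no other candidate is preferred to."""
    ruled_out = set()
    for c in candidates:
        ruled_out |= dominated_by(c)
    return [c for c in candidates if c not in ruled_out]


CANDIDATES = [  # constructed alternatives, not the S1..S12 of the talk
    vec("ID", "CreditCard", "PIN"),
    vec("ID", "CreditCard", "PIN", "telephone"),
    vec("date_of_birth", "postal_code"),
    vec("date_of_birth", "address"),
    vec("date_of_birth", "address", "telephone"),
]

if __name__ == "__main__":
    for s in optimal(CANDIDATES):
        print(sorted(c for c in CREDS if s[IDX[c]]))
```

The two survivors are incomparable under these rules, which is the point where the slides fall back to asking the user and storing the answer.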

3. Implementation and Experiments

Implementation
[Figure: preferences, policy, Prolog, preference engine]

Experiments
- For simulated negotiations with
  - varying preferences
  - varying policies
- the mean amount of disclosure sets ruled out was 82 %.

Preferences in Policies - the database approach
Idea: exploit user preferences over the credentials: generate all possible next steps in the negotiation and select the optimal step according to these preferences
→ like selecting the optimal entry in a database with a preference query
For example, { , date of birth, passport, credit card } is preferred to { name, ID, bank account } according to the above preferences.

Preferences in Policies - the database approach (2)
Drawbacks of this approach:
- non-preferred disclosure sets are first created although they will be thrown away later
- conditional preferences cannot depend on arbitrary conditions
  - e.g., "A is preferred to B only if it is sunny in Galway."
- preferences are defined on grounded literals (representing credentials)
  - i.e., preference statements with variables are impossible
  - e.g., "X is preferred to Y only if age(X) > age(Y)."
Solution: defining the preferences as parts of the policies.

Preferences and Policies – a logic programming approach
A policy with preferences:
  If possible: Disclose bank account
  Otherwise: Disclose credit card
  IF Requestor has BBB certificate
Inspired by Answer Set Programming with Ordered Disjunctions:
Advantages:
- variables in preferences
- arbitrary conditions for preferences
- non-preferred solutions (here answer sets) are not created
So far no partial order preferences are possible
→ requires extensions

Summary
Preferences help to automatically decide between alternatives in a Trust Negotiation.
Our approach
- allows qualitative, partially ordered, contextual preferences
- always selects the optimal next steps in a negotiation
- includes an iterative process to elicit new user preferences

Thank you for your attention.
Please ask if there are any questions.
Or get in touch later: Philipp Kärger