
1 Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations
Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke
L3S Research Center, Leibniz University Hannover, Germany
5th Secure Data Management Workshop, Auckland, New Zealand, August 24, 2008

2 Outline
1. Policy-driven Trust Negotiations
  - what are they?
  - what are they used for?
  - what can happen that makes preferences necessary?
2. Preferences in Trust Negotiations
  - Modeling Disclosure Sets
  - Modeling Preferences
  - A Preference Model for comparing Disclosure Sets
3. Implementation and Experiments
  - An Implementation guiding a Trust Negotiation
  - Simulating Trust Negotiations

3 1. Trust Negotiation

4 Trust Negotiation: how to trust a stranger?
Parties: Alice and an on-line book shop.
Alice's policy:
- Disclose CreditCard IF Requestor has BBB certificate
The book shop's policy:
- Disclose Book IF Requestor discloses valid CreditCard
- Disclose BBB certificate to any requestor
Message exchange:
- Alice: request for a book
- Book shop: “for the book I need a CreditCard”
- Alice: “for the CreditCard I need a BBB cert.”

5 Trust Negotiation: used for …
Trust Negotiation is used for
- Access control
- Dynamic contracts
  - e.g., in web service composition
- Autonomic computing
- Pervasive environments
  - e.g., sensor networks
- Service-level agreements
  - e.g., more service for certain requestors
- etc.

6 Protune – Rule-based Policies on the Semantic Web
- a policy framework developed at L3S Research Center and Naples University
- provides a logic-based, declarative policy language
- features include
  - trust negotiation
  - external actions
    - access to relational databases,
    - RDF stores,
    - file system requests,
    - time and location-aware packages
  - policy explanations
    - “You cannot access because …” (in contrast to just “Access denied.”)
Demo at: http://policy.L3S.uni-hannover.de/

7 The Need for Preferences
What if a policy evaluation has more than one result?
Parties: Alice and an on-line book shop.
Alice's policy:
- Disclose CreditCard IF Requestor has BBB certificate
- Disclose bank account information IF Requestor has BBB certificate
Message exchange:
- Alice: request for a book
- Book shop: “for the book I need a CreditCard or your bank account information”
Which credential? CreditCard or bank account information?
- exploit user preferences in the negotiation process to decide

8 It may become even more complex …
[Figure: Alice sends a request for a book to the on-line book shop]

9 How to decide between the options?
If the system is not aware of any user preferences, it has to ask the user to decide. But the user
- may easily be overwhelmed by so many options.
- may make a bad decision after losing the overview.
- has to decide again for all future negotiations.
- may not be available at all.

10 2. Preferences in Trust Negotiation

11 Preference handling
A preference is an order of values with decreasing preference
- “I prefer English but German is also fine.”
- “I prefer to disclose my PayPal account information instead of my credit card number. My bank account information is the last option.”
Preferences are known from:
- databases: preference queries
  - [Werner Kießling: Preference SQL: design, implementation, experiences. 2002]
  - [Jan Chomicki: Preference formulas in relational queries. 2003]
- logic programming: preferred answer sets
  - [Gerhard Brewka, Thomas Eiter: Preferred Answer Sets for Extended Logic Programs. 1999]

12 Preferences in Trust Negotiation
Typically, users have general preferences about which credential to disclose. For example
- “I prefer to disclose my e-mail address instead of my postal address.”
- “My postal code together with my date of birth is very sensitive. I prefer to disclose my e-mail address instead of these two.”
- an example preference graph: [figure; label: Quasi identifier]

13 Preferences of Different Kinds
- total vs. partial order
- quantitative vs. qualitative
- default preference: not disclosing a credential is preferred to disclosing it
- contextual preferences

14 Modeling Disclosure Sets
Disclosure sets are represented as binary vectors, e.g., S6 = (0,0,0,0,0,1,0,0,0,1,1) represents the set {ID, CreditCard, PIN}.

15 Modeling Preferences
Preferences are defined over a subset of dimensions in the disclosure set vectors, e.g.,
- Not disclosing the telephone number is preferred to disclosing the telephone number:
  (x, x, 0, x, x, x, x, x, x, x, x) is preferred to (x, x, 1, x, x, x, x, x, x, x, x)
- If I have to disclose my date of birth, I prefer to disclose my e-mail address instead of my postal code (quasi identifier):
  (x, 1, x, 1, 0, x, x, x, x, x, x) is preferred to (x, 1, x, 0, 1, x, x, x, x, x, x)
The dimensions marked x are equal in both vectors (ceteris paribus).

16 Filtering out Non-Preferred Disclosure Sets
Finding the optimal disclosure set by ruling out non-optimal sets according to Alice’s preferences:
- default preference: not disclosing a credential is preferred to disclosing it
- which credential is preferred to disclose

17 Filtering out Non-Preferred Disclosure Sets
S6 = 00000100011 ? S10 = 00010100011

18 Filtering out Non-Preferred Disclosure Sets
S1 ? S4
11010001100
11001001100
11001000110
11001000011

19 Filtering out Non-Preferred Disclosure Sets
For our example: applying this technique iteratively rules out 10 of the 12 alternatives.
- the user’s decision between S1 and S5 may be stored for later negotiations
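The filtering described on slides 14 to 19, as an added example (not code from the presentation or from Protune): a ceteris paribus rule is a pair of patterns over the binary disclosure vectors, and a candidate is ruled out when another candidate is preferred to it. The helper names and the labels A and B for the first two vectors of slide 18 are hypothetical; the default preference is applied as strict-subset comparison, and only preference between candidates actually present is checked.

```python
# Added illustration: helper names and the labels A/B are hypothetical.
def vec(bits):
    """Turn a bit string such as '00000100011' into a tuple of ints."""
    return tuple(int(b) for b in bits)

def matches(v, pattern):
    """A pattern fixes some dimensions to 0/1 and leaves the rest as 'x'."""
    return all(p == "x" or int(p) == bit for bit, p in zip(v, pattern))

def rule_prefers(rule, a, b):
    """a beats b under one rule if a fits the better pattern, b the worse one,
    and both agree on every 'x' dimension (ceteris paribus)."""
    better, worse = rule
    same_elsewhere = all(x == y for x, y, p in zip(a, b, better) if p == "x")
    return matches(a, better) and matches(b, worse) and same_elsewhere

def default_prefers(a, b):
    """Default preference: disclosing a strict subset is preferred."""
    return a != b and all(x <= y for x, y in zip(a, b))

def prefers(a, b, rules):
    return default_prefers(a, b) or any(rule_prefers(r, a, b) for r in rules)

def optimal(candidates, rules):
    """Keep the disclosure sets that no other candidate is preferred to."""
    return [c for c in candidates
            if not any(prefers(o, c, rules) for o in candidates if o != c)]

# Slide 15: given date of birth, e-mail is preferred to postal code.
QUASI_ID = ("x1x10xxxxxx", "x1x01xxxxxx")
S6, S10 = vec("00000100011"), vec("00010100011")   # slide 17
A, B = vec("11010001100"), vec("11001001100")      # first two vectors, slide 18

if __name__ == "__main__":
    for s in optimal([S6, S10, A, B], [QUASI_ID]):
        print("".join(map(str, s)))
```

The sets that survive are incomparable under the stated preferences, which is the point at which the user is asked and the answer can be stored as a new preference.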

20 3. Implementation and Experiments

21 Implementation
[Architecture diagram; labels: preferences, policy, Prolog, preference engine]

22 Experiments
- For simulated negotiations with
  - varying preferences
  - varying policies
- the mean amount of disclosure sets ruled out was 82 %.

23 Preferences in Policies - the database approach
Idea: exploit user preferences over the credentials: generate all possible next steps in the negotiation and select the optimal step according to these preferences
- like selecting the optimal entry in a database with a preference query
For example, { e-mail, date of birth, passport, credit card } is preferred to { name, ID, bank account } according to the above preferences.

24 Preferences in Policies - the database approach (2)
Drawbacks of this approach:
- non-preferred disclosure sets are first created although they will be thrown away later
- conditional preferences cannot depend on arbitrary conditions
  - e.g., “A is preferred to B only if it is sunny in Galway.”
- preferences are defined on grounded literals (representing credentials)
  - i.e., preference statements with variables are impossible
  - e.g., “X is preferred to Y only if age(X) > age(Y).”
Solution: defining the preferences as parts of the policies.

25 Preferences and Policies – a logic programming approach
A policy with preferences:
  If possible: Disclose bank account
  Otherwise: Disclose credit card
  IF Requestor has BBB certificate
Inspired by Answer Set Programming with Ordered Disjunctions.
Advantages:
- variables in preferences
- arbitrary conditions for preferences
- non-preferred solutions (here answer sets) are not created
So far no partial order preferences are possible
- requires extensions

26 Summary
Preferences help to automatically decide between alternatives in a Trust Negotiation.
Our approach
- allows qualitative, partially ordered, contextual preferences
- always selects the optimal next steps in a negotiation
- includes an iterative process to elicit new user preferences

27 Thank you for your attention.
Please ask if there are any questions. Or get in touch later:
Philipp Kärger
kaerger@L3S.de
http://www.L3S.de/~kaerger

