• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • No language data
  • Tagged with
  • 2
  • 2
  • 2
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Responding to Policies at Runtime in TrustBuilder

Smith, Bryan J. 20 April 2004 (has links) (PDF)
Automated trust negotiation is the process of establishing trust between entities with no prior relationship through the iterative disclosure of digital credentials. One approach to negotiating trust is for the participants to exchange access control policies to inform each other of the requirements for establishing trust. When a policy is received at runtime, a compliance checker determines which credentials satisfy the policy so they can be disclosed. In situations where several sets of credentials satisfy a policy and some of the credentials are sensitive, a compliance checker that generates all the sets is necessary to insure that the negotiation succeeds whenever possible. Compliance checkers designed for trust management do not usually generate all the satisfying sets. In this thesis, we present two practical algorithms for generating all satisfying sets given a compliance checker that generates only one set. The ability to generate all of the combinations provides greater flexibility in how the system or user establishes trust. For example, the least sensitive credential combination could be disclosed first. These ideas have been implemented in TrustBuilder, our prototype system for trust negotiation.
2

Protecting Sensitive Credential Content during Trust Negotiation

Jarvis, Ryan D. 21 April 2003 (has links)
Keeping sensitive information private in a public world is a common concern to users of digital credentials. A digital credential may contain sensitive attributes certifying characteristics about its owner. X.509v3, the most widely used certificate standard, includes support for certificate extensions that make it possible to bind multiple attributes to a public key contained in the certificate. This feature, although convenient, potentially exploits the certificate holder's private information contained in the certificate. There are currently no privacy considerations in place to protect the disclosure of attributes in a certificate. This thesis focuses on protecting sensitive credential content during trust negotiation and demonstrates, through design and implementation, the privacy benefits achieved through selective disclosure. Selective disclosure of credential content can be achieved using private attributes, a well-known technique that incorporates bit commitment within digital credentials. This technique has not been thoroughly explored or implemented in any prior work. In this thesis, a protocol for issuing and showing credentials containing private attributes is discussed and suggested as a method for concealing and selectively revealing sensitive attributes bound to credentials during trust negotiation. To demonstrate greater privacy control within a credential-based system, private attributes are incorporated into TrustBuilder, an implementation of trust negotiation. With access control at the attribute level, TrustBuilder gives users greater control over their private information and can improve the success rate of negotiations. TrustBuilder also demonstrates how credentials with private attributes can eliminate risks normally associated with exchanging credentials, such as excessive gathering of information that is not germane to the transaction and inadvertently disclosing the value of a sensitive credential attribute.

Page generated in 0.0455 seconds