Global ETD Search

1	Preserving Trust Across Multiple Sessions in Open Systems Chan, Fuk-Wing Thomas 13 July 2004 (has links) (PDF) Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the trust preservation facility when approximately 25% of its requests are from repeat customers. The throughput and response time improve up to approximately 33% as the percentage of repeat customers grows to 100%. Trust negotiation single-sign-on authentication authorization security Computer Sciences
2	Phishing Warden: Enhancing Content-Triggered Trust Negotiation to Prevent Phishing Attacks Henshaw, James Presley 01 June 2005 (has links) (PDF) Phishing attacks are spam e-mails that attempt to fool recipients into divulging their identifying information by posing as a message from a well known company and using that company's branding and logos. It is estimated that phishing attacks have cost bank and credit card customers $1.2 billion in the U.S. in 2003. Previous work, content-triggered trust negotiation (CTTN), filters Internet traffic for sensitive data, and prevents a user from disclosing sensitive information to an un-trusted server. However, existing CTTN implementations are vulnerable to client-side scripts that obfuscate any data the client's browser sends to the web server in order to bypass CTTN's filter. To increase the security of CTTN, this thesis introduces Phishing Warden, a browser-plug-in that filters content before client-side scripts can execute, thereby preventing the scripts from obfuscating data in order to bypass the filter. Phishing Warden negotiates the release of sensitive data through web forms via the AutoFill button. After Phishing Warden determines the web server is trustworthy of the requested information, the sensitive data is automatically inserted into the form, indirectly informing the user that Phishing Warden trusts the server with this information. Besides potentially obfuscating data, scripts in Internet browsers can exploit security vulnerabilities which allow malicious scripts to potentially take over the computer, or deceive the user with a fake toolbar [31]. In addition to preventing data obfuscation by client-side scripts, Phishing Warden also allows a user to customize script control with the push of a button, letting the user decide which websites to trust enough to run scripts. Phishing Warden extends CTTN to remember past sites deemed trustworthy by the user. phishing internet security trust negotiation Phishing Warden Computer Sciences
3	Trust Broker: A Defense Against Identity Theft From Online Transactions Edvalson, Michael George 09 December 2005 (has links) (PDF) The proliferation of online services over the years has encouraged more and more people to participate in Internet activities. Many web sites request personal and sensitive information needed to deliver the desired service. Unfortunately, it is difficult to distinguish the sites that can be trusted to protect such information from those that cannot. Many attempts to make the Internet easier to use introduce new security and privacy problems. On the other hand, most attempts at creating a safe online environment produce systems that are cryptic and hard to use. The TrustBroker system is based on a specialized online repository that safely stores user information and helps the user determine which sites can be trusted with their sensitive information. Also, the repository facilitates the transfer of the user's in- formation. The overall effect of the system is to inspire greater confidence in online participation among users who desire to protect their personal information. identity theft trust repository trust negotiation Computer Sciences
4	Trust Negotiation for Open Database Access Control Porter, Paul A. 09 May 2006 (has links) (PDF) Hippocratic databases are designed to protect the privacy of the individuals whose personal information they contain. This thesis presents a model for providing and enforcing access control in an open Hippocratic database system. Previously unknown individuals can gain access to information in the database by authenticating to roles through trust negotiation. Allowing qualified strangers to access the database increases the usefulness of the system without compromising privacy. This thesis presents the design and implementation of two methods for filtering information from database queries. First, we extend a query modification method for use in an open database system. Second, we introduce a novel filtering method that overcomes some limitations of the query modification method. We also provide results showing that the two methods have comparable performance that is suitable for interactive response time with our sample data set. trust negotiation database access control Hippocratic database privacy Computer Sciences
5	Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies Leithead, Travis S. 29 August 2005 (has links) (PDF) This thesis challenges the assumption that policies will "play fair" within trust negotiation. Policies that do not "play fair" contain requirements for authentication that are misleading, irrelevant, and/or incorrect, based on the current transaction context. To detect these unfair policies, trust negotiation ontologies provide the context to determine the relevancy of a given credential set for a particular negotiation. We propose a credential relevancy framework for use in trust negotiation that utilizes ontologies to process the set of all available credentials C and produce a subset of credentials C' relevant to the context of a given negotiation. This credential relevancy framework reveals the credentials inconsistent with the current negotiation and detects potentially malicious policies that request these credentials. It provides a general solution for detecting policies that do not "play fair," such as those used in credential phishing attacks, malformed policies, and malicious strategies. This thesis motivates the need for a credential relevancy framework, outlines considerations for designing and implementing it (including topics that require further research), and analyzes a prototype implementation. The credential relevancy framework prototype, analyzed in this thesis, has the following two properties: first, it incurs less than 10% extra execution time compared to a baseline trust negotiation prototype (e.g., TrustBuilder); second, credential relevance determination does not compromise the desired goals of trust negotiation—transparent and automated authentication in open systems. Current trust negotiation systems integrated with a credential relevancy framework will be enabled to better defend against users that do not always "play fair" by incorporating a credential relevancy framework. trust negotiation policies malicious attacks framework privacy security Computer Sciences
6	Extensible Pre-Authentication in Kerberos Hellewell, Phillip L. 03 July 2007 (has links) (PDF) Organizations need to provide services to a wide range of people, including strangers outside their local security domain. As the number of users grows larger, it becomes increasingly tedious to maintain and provision user accounts. It remains an open problem to create a system for provisioning outsiders that is secure, flexible, efficient, scalable, and easy to manage. Kerberos is a secure, industry-standard protocol. Currently, Kerberos operates as a closed system; all users must be specified upfront and managed on an individual basis. This paper presents EPAK (Extensible Pre-Authentication in Kerberos), a framework that enables Kerberos to operate as an open system. Implemented as a Kerberos extension, EPAK enables many authentication schemes to be loosely coupled with Kerberos, without further modification to Kerberos. EPAK provides the mutual benefits of enhancing the flexibility of Kerberos and increasing the viability of alternate authentication systems as they move to the enterprise. Kerberos security authentication SAW trust negotiation Computer Sciences
7	Trust negotiation policy management for service-oriented applications Skogsrud, Halvard, Computer Science & Engineering, Faculty of Engineering, UNSW January 2006 (has links) Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected. security web services trust negotiation trust management modeling SOA service-oriented applications
8	Responding to Policies at Runtime in TrustBuilder Smith, Bryan J. 20 April 2004 (has links) (PDF) Automated trust negotiation is the process of establishing trust between entities with no prior relationship through the iterative disclosure of digital credentials. One approach to negotiating trust is for the participants to exchange access control policies to inform each other of the requirements for establishing trust. When a policy is received at runtime, a compliance checker determines which credentials satisfy the policy so they can be disclosed. In situations where several sets of credentials satisfy a policy and some of the credentials are sensitive, a compliance checker that generates all the sets is necessary to insure that the negotiation succeeds whenever possible. Compliance checkers designed for trust management do not usually generate all the satisfying sets. In this thesis, we present two practical algorithms for generating all satisfying sets given a compliance checker that generates only one set. The ability to generate all of the combinations provides greater flexibility in how the system or user establishes trust. For example, the least sensitive credential combination could be disclosed first. These ideas have been implemented in TrustBuilder, our prototype system for trust negotiation. trust negotiation compliance checker access control policies IBM Trust Policy Language TrustBuilder satisfiability Computer Sciences
9	Browser-Based Trust Negotiation Morris, Cameron 21 March 2006 (has links) (PDF) Trust negotiation allows two parties on the Internet to establish trust in each other according to the digital credentials thateach other possesses. Traditionally, trust negotiation uses certificates as digital credentials. However, certificates make trust negotiation difficult to use since people rarely have certificates available to them, and they must physically possess and secure all needed certificates in order to negotiate. To avoid these problems, this thesis proposes that credential authorities negotiate on behalf of the user. This thesis defines BrowserBased Trust Negotiation (BBTN) as a method for negotiating with credential authorities using the Secure Assertion Markup Language (SAML). Trust Negotiation Internet Security Computer Security SAML Single Sign-on Computer Sciences
10	Protecting Sensitive Credential Content during Trust Negotiation Jarvis, Ryan D. 21 April 2003 (has links) Keeping sensitive information private in a public world is a common concern to users of digital credentials. A digital credential may contain sensitive attributes certifying characteristics about its owner. X.509v3, the most widely used certificate standard, includes support for certificate extensions that make it possible to bind multiple attributes to a public key contained in the certificate. This feature, although convenient, potentially exploits the certificate holder's private information contained in the certificate. There are currently no privacy considerations in place to protect the disclosure of attributes in a certificate. This thesis focuses on protecting sensitive credential content during trust negotiation and demonstrates, through design and implementation, the privacy benefits achieved through selective disclosure. Selective disclosure of credential content can be achieved using private attributes, a well-known technique that incorporates bit commitment within digital credentials. This technique has not been thoroughly explored or implemented in any prior work. In this thesis, a protocol for issuing and showing credentials containing private attributes is discussed and suggested as a method for concealing and selectively revealing sensitive attributes bound to credentials during trust negotiation. To demonstrate greater privacy control within a credential-based system, private attributes are incorporated into TrustBuilder, an implementation of trust negotiation. With access control at the attribute level, TrustBuilder gives users greater control over their private information and can improve the success rate of negotiations. TrustBuilder also demonstrates how credentials with private attributes can eliminate risks normally associated with exchanging credentials, such as excessive gathering of information that is not germane to the transaction and inadvertently disclosing the value of a sensitive credential attribute. trust negotiation privacy bit commitment security ISRL Internet Security Research Lab TrustBuilder selective disclosure digital credential X.509v3 Computer Sciences

Search results