Adaptive Trust Negotiation and Access Control.pptVIP

Agenda Trust negotiation frameworks Introduction TrustBuilder Trust-X Laboratory assignment #2 IPSec review IPSec connections and configuration requirements Assignment description Trust Negotiation Frameworks Introduction Trust Establishment Trust establishment between strangers in open system. The client and server are not in the same security domain. Access control decision is attribute based instead of identity based. Examples: citizenship, clearance, job classification, group memberships, licenses, etc. The client’s role within his home organization. Trust Management – coined by Matt Blaze Trust negotiation Trust Negotiation TN=“Approach to access control and authentication that enables resource requesters and providers in open systems to establish trust based on attributes other than identity.”* Goals Establish trust Maintain privacy of attributes Process Iteratively exchange digital credentials between two negotiating participants. Begin by exchanging less sensitive credentials Build trust gradually in order to exchange more sensitive credentials Example/Scenario Electronic business transactions Parties in transaction don’t know each other Attacks can be launched to the transaction (negotiation) infrastructure Trust is required for transaction For buyers: Trust that sellers will provide services No disclosure of private buyer info For Sellers: Trust that buyers will pay for services Meet conditions for buying certain goods (age) Example/Scenario In an electronic business transaction, participants interact beyond their local security domain. Traditionally, pre-registration required Without a pre-existing relationship trust must be established Access control policies to control: Granting of resources Revealing sensitive user information Digital Credentials Digital Credentials Are the vehicle for carrying attribute information reliably Contain attributes of the credential owner asserted by the issuer Issuer is a certification authority Must be unforgeable M