Files in this item

File: A Generalized H ... Harvesting Credentials.pdf (345Kb)
Description: (no description provided)
Format: PDF (application/pdf)

Description

Title: A Generalized Honest-But-Curious Trust Negotiation Strategy for Harvesting Credentials
Author(s): Olson, Lars E.; Rosulek, Michael J.; Winslett, Marianne
Subject(s): computer security
Abstract: Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary Alice can systematically harvest information about all of a victim Bob's credentials that Alice is entitled to see, regardless of their relevance to a negotiation. We prove that it is not possible to enforce need-to-know conditions with the trust negotiation model and protocol developed by Yu, Winslett, and Seamons. We also present examples of similar need-to-know attacks with the trust negotiation approaches proposed by Bonatti and Samarati, and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.
Issue Date: 2007-08
Genre: Technical Report
Type: Text
URI: http://hdl.handle.net/2142/11381
Other Identifier(s): UIUCDCS-R-2007-2892
Rights Information: You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS: 2009-04-22

Item Statistics

  • Total Downloads: 231
  • Downloads this Month: 6
  • Downloads Today: 0