Files in this item



application/pdfA Generalized H ... Harvesting Credentials.pdf (345kB)
(no description provided)PDF


Title:A Generalized Honest-But-Curious Trust Negotiation Strategy for Harvesting Credentials
Author(s):Olson, Lars E.; Rosulek, Michael J.; Winslett, Marianne
Subject(s):computer security
Abstract:Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary Alice can systematically harvest information about all of a victim Bob.s credentials that Alice is entitled to see, regardless of their relevance to a negotiation. We prove that it is not possible to enforce need-to-know conditions with the trust negotiation model and protocol developed by Yu, Winslett, and Seamons. We also present examples of similar need-to-know attacks with the trust negotiation approaches proposed by Bonatti and Samarati, and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.
Issue Date:2007-08
Genre:Technical Report
Other Identifier(s):UIUCDCS-R-2007-2892
Rights Information:You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS:2009-04-22

This item appears in the following Collection(s)

Item Statistics