IDEALS Home University of Illinois at Urbana-Champaign logo The Alma Mater The Main Quad

A Generalized Honest-But-Curious Trust Negotiation Strategy for Harvesting Credentials

Show full item record

Bookmark or cite this item: http://hdl.handle.net/2142/11381

Files in this item

File Description Format
PDF A Generalized H ... Harvesting Credentials.pdf (345KB) (no description provided) PDF
Title: A Generalized Honest-But-Curious Trust Negotiation Strategy for Harvesting Credentials
Author(s): Olson, Lars E.; Rosulek, Michael J.; Winslett, Marianne
Subject(s): computer security
Abstract: Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary Alice can systematically harvest information about all of a victim Bob.s credentials that Alice is entitled to see, regardless of their relevance to a negotiation. We prove that it is not possible to enforce need-to-know conditions with the trust negotiation model and protocol developed by Yu, Winslett, and Seamons. We also present examples of similar need-to-know attacks with the trust negotiation approaches proposed by Bonatti and Samarati, and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.
Issue Date: 2007-08
Genre: Technical Report
Type: Text
URI: http://hdl.handle.net/2142/11381
Other Identifier(s): UIUCDCS-R-2007-2892
Rights Information: You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS: 2009-04-22
 

This item appears in the following Collection(s)

Show full item record

Item Statistics

  • Total Downloads: 180
  • Downloads this Month: 6
  • Downloads Today: 0

Browse

My Account

Information

Access Key