
Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations

Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke. L3S Research Center, Leibniz University Hannover, Germany. 5th Secure Data Management Workshop, Auckland, New Zealand, August 24, 2008.


Presentation Transcript


  1. Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations. Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke. L3S Research Center, Leibniz University Hannover, Germany. 5th Secure Data Management Workshop, Auckland, New Zealand, August 24, 2008

  2. Outline. (1) Policy-driven Trust Negotiations: what are they? what do they serve for? what may happen that we need Preferences? (2) Preferences in Trust Negotiations: Modeling Disclosure Sets; Modeling Preferences; A Preference Model for comparing Disclosure Sets. (3) Implementation and Experiments: An Implementation guiding a Trust Negotiation; Simulating Trust Negotiations.

  3. 1. Trust Negotiation

  4. Trust Negotiation: how to trust a stranger? Alice sends a request for a book to the on-line book shop. Shop: “for the book I need a CreditCard”. Alice: “for the CreditCard I need a BBB cert.” Book shop policy: Disclose Book IF Requestor discloses valid CreditCard; Disclose BBB certificate to any requestor. Alice's policy: Disclose CreditCard IF Requestor has BBB certificate.

  5. The Need for Preferences. What if a policy evaluation has more than one result? Alice sends a request for a book to the on-line book shop. Shop: “for the book I need a CreditCard or your bank account information”. Alice's policy: Disclose CreditCard IF Requestor has BBB certificate; Disclose bank account information IF Requestor has BBB certificate. Which credential: CreditCard or bank account information? → Exploit user preferences in the negotiation process to decide.

  6. It may become even more complex … (figure: Alice sends a request for a book to the on-line book shop)

  7. How to decide between the options? If the system is not aware of any user preferences, it has to ask the user to decide. But the user: may easily be overwhelmed by so many options; may take a bad decision because of lost overview; has to decide again for all future negotiations; may not be available at all.

  8. 2. Preferences in Trust Negotiation

  9. Preference handling. A preference is an order of values having a decreasing preference: “I prefer English but German is also fine.” “I prefer to disclose my PayPal account information instead of my credit card number. My bank account information is the last option.” Preferences are known from: databases, as preference queries [Werner Kießling: Preference SQL: design, implementation, experiences. 2002] [Jan Chomicki: Preference formulas in relational queries. 2003]; logic programming, as preferred answer sets [Gerhard Brewka, Thomas Eiter: Preferred Answer Sets for Extended Logic Programs. 1999].

  10. Preferences in Trust Negotiation. Typically, users have general preferences about which credential to disclose. For example: “I prefer to disclose my e-mail address instead of my postal address.” “My postal code together with my date of birth is very sensitive. I prefer to disclose my e-mail address instead of these two.” (figure: an example preference graph, with the label “Quasi identifier”)

  11. Preferences of Different Kinds: total vs. partial order; quantitative vs. qualitative; default preference: not disclosing a credential is preferred to disclosing it; contextual preferences.

  12. Modeling Disclosure Sets. Disclosure Sets are represented as Binary Vectors, e.g., S6 = (0,0,0,0,0,1,0,0,0,1,1) represents the set {ID, CreditCard, PIN}.

  13. Modeling Preferences. Preferences are defined over a subset of dimensions in the disclosure set vectors, e.g.: “Not disclosing the telephone number is preferred to disclosing the telephone number”, ceteris paribus (all other dimensions equal): (x, x, 0, x, x, x, x, x, x, x, x) is preferred to (x, x, 1, x, x, x, x, x, x, x, x). “If I have to disclose my date of birth, I prefer to disclose my e-mail address instead of my postal code”: (x, 1, x, 1, 0, x, x, x, x, x, x) is preferred to (x, 1, x, 0, 1, x, x, x, x, x, x). (figure label: Quasi identifier)

  14. Filtering out Non-Preferred Disclosure Sets • Finding the optimal disclosure set by ruling out non-optimal sets according to Alice’s preferences: • default preference: not disclosing a credential is preferred to disclosing it: • which credential is preferred to disclose:

  15. Filtering out Non-Preferred Disclosure Sets. S6 = 00000100011 ? S10 = 00010100011

  16. Filtering out Non-Preferred Disclosure Sets. S1 = 11010001100 ? S4 = 11001001100; further vectors shown: 11001000110, 11001000011

  17. Filtering out Non-Preferred Disclosure Sets. For our example: applying this technique iteratively rules out 10 of the 12 alternatives. → The user’s decision between S1 and S5 may be stored for later negotiations.

  18. 3. Implementation and Experiments

  19. Implementation (diagram labels: policy, preferences, preference engine, Prolog)

  20. Experiments. For simulated negotiations with varying preferences and varying policies, the mean amount of disclosure sets ruled out was 82 %.

  21. Summary. Preferences help to automatically decide between alternatives in a Trust Negotiation. Our approach: allows qualitative, partially ordered, contextual preferences; always selects the optimal next steps in a negotiation; includes an iterative process to elicit new user preferences.

  22. Thank you for your attention. Please ask if there are any questions. Or get in touch later: Philipp Kärger kaerger@L3S.de http://www.L3S.de/~kaerger
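The filtering step of slides 12 to 17 can be sketched as follows; this is an added example, not the authors' Prolog preference engine. It assumes the dimension meanings inferred from slide 13 (2 = date of birth, 4 = e-mail, 5 = postal code), uses the constructed label `U` for a vector slide 16 shows without a name, and only checks direct (one-step) preference rather than the full iterative process.

```python
# Added example: disclosure sets as 11-bit vectors, filtered by preferences.
# Vectors are copied from slides 15-16; "U" is a constructed label for a
# vector the slide shows without a name.
CANDIDATES = {
    "S6":  "00000100011",
    "S10": "00010100011",
    "S1":  "11010001100",
    "S4":  "11001001100",
    "U":   "11001000110",
}

# Ceteris paribus rules as (better, worse) patterns; 'x' = must be equal.
# Slide 13: with date of birth disclosed (dim 2), e-mail (dim 4) is preferred
# to postal code (dim 5). The dimension meanings are inferred, not stated.
RULES = [("x1x10xxxxxx", "x1x01xxxxxx")]


def subset_preferred(a, b):
    """Default preference: a discloses a strict subset of b's credentials."""
    return a != b and all(x <= y for x, y in zip(a, b))


def rule_preferred(a, b, better, worse):
    """True if a fits `better`, b fits `worse`, and all 'x' dimensions agree."""
    for x, y, p, q in zip(a, b, better, worse):
        if p == "x":
            if x != y:
                return False
        elif (x, y) != (p, q):
            return False
    return True


def preferred(a, b, rules=RULES):
    """a is directly preferred to b under the default or any explicit rule."""
    return subset_preferred(a, b) or any(
        rule_preferred(a, b, bt, ws) for bt, ws in rules)


def filter_optimal(candidates=CANDIDATES, rules=RULES):
    """Names of sets to which no other candidate is directly preferred."""
    return [name for name, vec in candidates.items()
            if not any(preferred(other, vec, rules)
                       for o, other in candidates.items() if o != name)]


if __name__ == "__main__":
    print(filter_optimal())
```

S10 is ruled out by the default preference (S6 discloses a strict subset) and S4 by the e-mail over postal code rule; the remaining sets are incomparable under these rules, which is where the user would be asked to decide.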
