Global competitive pressures and the possibility of severe security breaches are forcing organizations and individuals to develop the ability to rapidly form relationships and cooperate to solve urgent problems. Such cooperation often involves unanticipated resource sharing across organizational boundaries. As disparate groups attempt to collaborate to conduct sensitive processes and respond to problems, their efforts to provide efficient response are hindered by traditional approaches to access control. Organizations and individuals require nimble security facilities that will enable them to rapidly and efficiently access each other's resources, while offering specific privacy guarantees.; Automated trust negotiation (ATN) is a new approach to access control in open, flexible systems. ATN enables open computing by assigning an access control policy to each resource that is to be made accessible to “outsiders”. An access control policy describes the properties of the parties allowed to access that resource, in contrast to the traditional approach of listing their identities. Party's properties are demonstrated through the use of digital credentials, which often contain sensitive information about their owners. Thus their disclosure is also protected by access control policies. Since each negotiating party may have policies that the other needs to satisfy, trust is established gradually through bilateral disclosures of credentials.; The successful deployment of ATN requires resolution of many challenging issues. This thesis focuses on two key problems of ATN: negotiation strategies and sensitive information protection. Different parties might have different requirements for how much computation they are willing to do, how freely they disclose resources, and other strategic decisions. For such decisions, each party relies on its negotiation strategies. We identify necessary and sufficient conditions to guarantee interoperability between different strategies, and present a large set of mutually interoperable strategies, which provides users with maximal flexibility in choosing strategies, while still guaranteeing that a negotiation will succeed if at all possible.; Without proper protection, an access control policy itself might reveal sensitive information unintentionally. To remedy this problem, we propose a unified scheme for resource protection in ATN. This scheme treats policies as first-class resources, which can themselves be protected by policies. This provides great flexibility in expressing fine-grained access control requirements for trust negotiation.
展开▼
