Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies

by Leithead, Travis S

Abstract (Summary)
This thesis challenges the assumption that policies will “play fair” within trust negotiation. Policies that do not “play fair” contain requirements for authentication that are misleading, irrelevant, and/or incorrect, based on the current transaction context. To detect these unfair policies, trust negotiation ontologies provide the context to determine the relevancy of a given credential set for a particular negotiation.

We propose a credential relevancy framework for use in trust negotiation that utilizes ontologies to process the set of all available credentials C and produce a subset of credentials C′ relevant to the context of a given negotiation. This credential relevancy framework reveals the credentials inconsistent with the current negotiation and detects potentially malicious policies that request these credentials. It provides a general solution for detecting policies that do not “play fair,” such as those used in credential phishing attacks, malformed policies, and malicious strategies.

This thesis motivates the need for a credential relevancy framework, outlines considerations for designing and implementing it (including topics that require further research), and analyzes a prototype implementation. The credential relevancy framework prototype analyzed in this thesis has the following two properties: first, it incurs less than 10% extra execution time compared to a baseline trust negotiation prototype (e.g., TrustBuilder); second, credential relevance determination does not compromise the desired goals of trust negotiation: transparent and automated authentication in open systems. Trust negotiation systems that integrate a credential relevancy framework will be better able to defend against users that do not always “play fair.”

Bibliographical Information:

School: Brigham Young University

School Location: USA - Utah

Source Type: Master's Thesis

Keywords: trust negotiation policies malicious attacks framework privacy security

Date of Publication: 08/22/2005