Research On Automated Trust Negotiation For Open Environment

Under the large-scale open distributed systems circumstances, the fulfillment of tasks requires the coordination and cooperation of entities which belong to different security areas. How to effectively, securely and dynamically establish trust across security areas has become a hot topic in the current study of security. Automated Trust Negotiation (ATN) can establish mutual trust between service requestor and provider to achieve resources sharing and coordinative working by means of iteratively disclosing credentials and access control policies.In ATN, trust in a particular context is attained by disclosing certain numbers or types of credentials. Thus, the problem about privacy protection of entities is very important. At the present, how to restrict the loss of privacy as the credentials revealed is studied extensively. This thesis aims at the research on privacy protection in the process of trust establishment on the condition of malicious attacks or probing attacks. The main contributions in this thesis are as follows:(1) Brief introduction of the prior achievement and progress on ATN is presented, including the formalization of the involved terms, symbols and formula.(2) Both advantages and disadvantages of other model ways about the negotiation strategies are analyzed. The Petri Nets is introduced to solve the problem of generating safe credentials sequence. A new modeling method for trust negotiation based on the Petri Nets is proposed. The safe disclosed sequence algorithm is presented based on the legal firing sequence reachability with minimum initial submarking. The analysis of complexity is provided in communication and computation in the process of negotiation.(3) Sensitive information protection method is proposed in order to prevent probing attack of malicious negotiator or privacy leaking in ATN. The differences between attribute-sensitive credentials and possession-sensitive credentials are analysized in this thesis. The traditional access control polices cannot protect the possession-sensitive credentials under inference attack, especially when the malicious prober exists. A new way to protect the possession-sensitive credentials has been proposed based on the credibility value which is the worth of the privacy of the credentials; and on the threshold which is a minimum total of credibility value required before the service is granted. A minimum credentials discloses set problem presented in this thesis is proved to be a NPC problem by reducing the subset sum problem in polynomial time. The performance of subset sum algorithm is analyzed through experiments.(4) The requirements of ATN for negotiation specification language are analyzed in detail, and an XML-based specification language called TNML is proposed. Meanwhile, the syntax of the TNML, and UML class figure as the meta-model are given. The thesis illustrates credentials and access control policies, presents the XML Schema of trust tickets used for accelerating negotiation, and generates algorithm for the translating from TNML files to a Petri Nets. The comparison between TNML and current-existing other trust negotiation languages indicates that it can satisfy the requirements of language for trust negotiation, and it has much stronger practicality and scalability.