Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations
Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke
L3S Research Center, Leibniz University Hannover, Germany
5th Secure Data Management Workshop, Auckland, New Zealand, August 24, 2008
Outline
1. Policy-driven Trust Negotiations
  - what are they?
  - what are they for?
  - what can happen that makes preferences necessary?
2. Preferences in Trust Negotiations
  - Modeling Disclosure Sets
  - Modeling Preferences
  - A Preference Model for comparing Disclosure Sets
3. Implementation and Experiments
  - An Implementation guiding a Trust Negotiation
  - Simulating Trust Negotiations
1. Trust Negotiation
Trust Negotiation: how to trust a stranger?
Parties: Alice and an on-line book shop
Alice's policy:
• Disclose CreditCard IF Requestor has BBB certificate
Book shop's policy:
• Disclose Book IF Requestor discloses valid CreditCard
• Disclose BBB certificate to any requestor
Exchange:
• Alice: request for a book
• Book shop: “for the book I need a CreditCard”
• Alice: “for the CreditCard I need a BBB cert.”
The Need for Preferences
• What if a policy evaluation has more than one result?
Parties: Alice and an on-line book shop
Alice's policy:
• Disclose CreditCard IF Requestor has BBB certificate
• Disclose bank account information IF Requestor has BBB certificate
Exchange:
• Alice: request for a book
• Book shop: “for the book I need a CreditCard or your bank account information”
Which credential? CreditCard or bank account information?
Exploit user preferences in the negotiation process to decide.
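The policies from this slide and the previous one, evaluated as an added example (not code from the presentation): it lists every set of credentials Alice could disclose to obtain the book, which is where the two alternatives come from. The dictionary encoding and the function names are assumptions made here, and a single evaluator sees both policies, which real negotiating parties do not.

```python
from itertools import product

# Constructed encoding of the slides' policies: resource -> alternative sets of
# credentials the *other* party must disclose first (empty set = to any requestor).
ALICE = {"CreditCard": [{"BBB"}], "BankAccount": [{"BBB"}]}
SHOP = {"Book": [{"CreditCard"}, {"BankAccount"}], "BBB": [set()]}

def disclosure_sets(resource, owner, requester, pending=frozenset()):
    """Every set of requester credentials that unlocks `resource` held by `owner`."""
    if resource in pending:          # cyclic demand: this branch can never complete
        return set()
    pending = pending | {resource}
    results = set()
    for required in owner.get(resource, []):
        # For each required credential: the ways the requester comes to release it.
        per_cred = [release_sets(c, owner, requester, pending) for c in required]
        for combo in product(*per_cred):
            results.add(frozenset().union(*combo))
    return results

def release_sets(cred, owner, requester, pending):
    """Requester disclosures (including `cred`) needed before `cred` is handed over."""
    if cred in pending:
        return set()
    results = set()
    for required in requester.get(cred, []):
        # The requester's own policy may demand credentials from the owner first.
        per_cred = [disclosure_sets(c, owner, requester, pending | {cred})
                    for c in required]
        for combo in product(*per_cred):
            results.add(frozenset({cred}).union(*combo))
    return results

if __name__ == "__main__":
    for option in disclosure_sets("Book", SHOP, ALICE):
        print(sorted(option))
```

More than one set in the result is exactly the situation in which the negotiation needs a preference to choose.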
It may become even more complex …
Alice to on-line book shop: request for a book
How to decide between the options?
• If the system is not aware of any user preferences, it has to ask the user to decide.
• But the user
  - may easily be overwhelmed by so many options.
  - may make a bad decision because of a lost overview.
  - has to decide again for all future negotiations.
  - may not be available at all.
2. Preferences in Trust Negotiation
Preference handling
• A preference is an order of values with decreasing preference:
  - “I prefer English but German is also fine.”
  - “I prefer to disclose my PayPal account information instead of my credit card number. My bank account information is the last option.”
• Preferences are known from:
  - databases: preference queries [Werner Kießling: Preference SQL: design, implementation, experiences. 2002] [Jan Chomicki: Preference formulas in relational queries. 2003]
  - logic programming: preferred answer sets [Gerhard Brewka, Thomas Eiter: Preferred Answer Sets for Extended Logic Programs. 1999]
Preferences in Trust Negotiation
• Typically, users have general preferences about which credential to disclose.
• For example:
  - “I prefer to disclose my e-mail address instead of my postal address.”
  - “My postal code together with my date of birth is very sensitive. I prefer to disclose my e-mail address instead of these two.”
[Figure: an example preference graph, with a label “Quasi identifier”]
Preferences of Different Kinds
• total vs. partial order
• quantitative vs. qualitative
• default preference: not disclosing a credential is preferred to disclosing it
• contextual preferences
Modeling Disclosure Sets
Disclosure Sets are represented as Binary Vectors,
e.g., S6 = (0,0,0,0,0,1,0,0,0,1,1) represents the set {ID, CreditCard, PIN}.
Modeling Preferences
• Preferences are defined over a subset of dimensions in the disclosure set vectors, e.g.,
  - Not disclosing the telephone number is preferred to disclosing the telephone number:
    (x, x, 0, x, x, x, x, x, x, x, x) is preferred to
    (x, x, 1, x, x, x, x, x, x, x, x)
  - If I have to disclose my date of birth, I prefer to disclose my e-mail address instead of my postal code:
    (x, 1, x, 1, 0, x, x, x, x, x, x) is preferred to
    (x, 1, x, 0, 1, x, x, x, x, x, x)
    [figure label: Quasi identifier]
• ceteris paribus: the dimensions marked x are equal (=) in both vectors
Filtering out Non-Preferred Disclosure Sets
Finding the optimal disclosure set by ruling out non-optimal sets according to Alice’s preferences:
default preference: not disclosing a credential is preferred to disclosing it:
which credential is preferred to disclose:
Filtering out Non-Preferred Disclosure Sets
S6 = 00000100011
S10 = 00010100011
S6 ? S10
Filtering out Non-Preferred Disclosure Sets
11010001100
11001001100
11001000110
11001000011
S1 ? S4
Filtering out Non-Preferred Disclosure Sets
For our example:
Applying this technique iteratively rules out 10 of the 12 alternatives.
The user’s decision between S1 and S5 may be stored for later negotiations.
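One way to implement the filtering step, as an added example (not the authors' Prolog implementation): a disclosure set is ruled out when another alternative reaches it through a chain of ceteris-paribus worsening steps. Only the default preference and the date-of-birth preference spelled out on the slides are encoded, and the labels A and B are made up here for two vectors the slides show, so the result is not the slides' final S1/S5 outcome.

```python
from collections import deque

def vec(bits):
    """'00000100011' -> (0,0,0,0,0,1,0,0,0,1,1); position i is credential i (1-based)."""
    return tuple(int(b) for b in bits)

# Conditional preference from the slides as (better, worse) patterns over 1-based
# dimensions; unlisted dimensions are the 'x' entries and must stay equal.
# Dimension 2 = date of birth, 4 = e-mail address, 5 = postal code.
PREFS = [({2: 1, 4: 1, 5: 0}, {2: 1, 4: 0, 5: 1})]

def worse_neighbours(v, prefs):
    """Vectors one preference step worse than v, all other dimensions unchanged."""
    out = []
    for i, bit in enumerate(v):      # default preference: withholding beats disclosing
        if bit == 0:                 # (the telephone-number rule is the case i == 2)
            out.append(v[:i] + (1,) + v[i + 1:])
    for better, worse in prefs:
        if all(v[d - 1] == b for d, b in better.items()):
            w = list(v)
            for d, b in worse.items():
                w[d - 1] = b
            out.append(tuple(w))
    return out

def dominates(a, b, prefs=PREFS):
    """True if b is reachable from a by a chain of worsening steps (transitive closure)."""
    seen, queue = {a}, deque([a])
    while queue:
        for w in worse_neighbours(queue.popleft(), prefs):
            if w == b:
                return True
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return False

def optimal(alternatives, prefs=PREFS):
    """Keep only the disclosure sets that no other alternative dominates."""
    return {n: v for n, v in alternatives.items()
            if not any(dominates(o, v, prefs)
                       for m, o in alternatives.items() if m != n)}

# Vectors shown on the slides; "A" and "B" are labels made up for this example.
ALTERNATIVES = {"S6": vec("00000100011"), "S10": vec("00010100011"),
                "A": vec("11010001100"), "B": vec("11001001100")}

if __name__ == "__main__":
    print(sorted(optimal(ALTERNATIVES)))
```

Sets that survive the filter are incomparable under the stated preferences, which is the point at which the user has to be asked.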
3. Implementation and Experiments
Implementation
[Figure: components labelled preferences, policy, Prolog and preference engine]
Experiments
- For simulated negotiations with
  - varying preferences
  - varying policies
- the mean amount of disclosure sets ruled out was 82 %.
Summary
Preferences help to automatically decide between alternatives in a Trust Negotiation.
Our approach
• allows qualitative, partially ordered, contextual preferences
• always selects the optimal next steps in a negotiation
• includes an iterative process to elicit new user preferences
Thank you for your attention.
Please ask if there are any questions.
Or get in touch later:
Philipp Kärger
kaerger@L3S.de
http://www.L3S.de/~kaerger