乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,8,25]],"date-time":"2023-08-25T21:37:54Z","timestamp":1692999474761},"reference-count":28,"publisher":"Association for Computing Machinery (ACM)","issue":"3","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2006,8]]},"abstract":"Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called \u201csafe\u201d in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as \u201cwhat needs to be protected in ATN?\u201d and \u201cwhat are the security requirements?\u201d are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus validating the safety of that approach, as well as the usability of the definition.<\/jats:p>","DOI":"10.1145\/1178618.1178623","type":"journal-article","created":{"date-parts":[[2007,1,16]],"date-time":"2007-01-16T19:38:29Z","timestamp":1168976309000},"page":"352-390","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["Safety in automated trust negotiation"],"prefix":"10.1145","volume":"9","author":[{"given":"William H.","family":"Winsborough","sequence":"first","affiliation":[{"name":"University of Texas at San Antonio, San Antonio, TX"}]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]}],"member":"320","published-online":{"date-parts":[[2006,8]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society Press","author":"Blaze M.","unstructured":"Blaze , M. , Feigenbaum , J. , and Lacy , J . 1996. Decentralized trust management . In Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society Press , Piscataway, New Jersey. 164--173. Blaze, M., Feigenbaum, J., and Lacy, J. 1996. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Piscataway, New Jersey. 164--173."},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS-7). ACM Press","author":"Bonatti P.","unstructured":"Bonatti , P. and Samarati , P . 2000. Regulating service access and information release on the web . In Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS-7). ACM Press , New York. 134--143. 10.1145\/352600.352620 Bonatti, P. and Samarati, P. 2000. Regulating service access and information release on the web. In Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS-7). ACM Press, New York. 134--143. 10.1145\/352600.352620"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.390247"},{"key":"e_1_2_1_4_1","series-title":"Lecture Notes in Computer Science","volume-title":"From Theory to Practice","author":"Domingo-Ferrer J.","unstructured":"Domingo-Ferrer , J. , Ed. 2002. Inference Control in Statistical Databases , From Theory to Practice . Lecture Notes in Computer Science , vol. 2316 . Springer-Verlag , New York . Domingo-Ferrer, J., Ed. 2002. Inference Control in Statistical Databases, From Theory to Practice. Lecture Notes in Computer Science, vol. 2316. Springer-Verlag, New York."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press","author":"Goguen J.","unstructured":"Goguen , J. and Meseguer , J . 1982. Security policies and security models . In Proceedings of the 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press , Piscataway, New Jersey. 11--20. Goguen, J. and Meseguer, J. 1982. Security policies and security models. In Proceedings of the 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Piscataway, New Jersey. 11--20."},{"key":"e_1_2_1_6_1","volume-title":"The foundations of cryptography---Vol. 1: Basic tools","author":"Goldreich O.","unstructured":"Goldreich , O. 2001. The foundations of cryptography---Vol. 1: Basic tools . Cambridge University Press , Cambridge . Goldreich, O. 2001. The foundations of cryptography---Vol. 1: Basic tools. Cambridge University Press, Cambridge."},{"key":"e_1_2_1_7_1","volume-title":"Y., Mihaeli, J., Naor, D.","author":"Herzberg A.","year":"2000","unstructured":"Herzberg , A. , Mass , Y., Mihaeli, J., Naor, D. , and Ravid, Y. 2000 . Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Symposium on Security and Privacy. IEEE Computer Society Press , Piscataway, New Jersey. 2--14. Herzberg, A., Mass, Y., Mihaeli, J., Naor, D., and Ravid, Y. 2000. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 2000 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Piscataway, New Jersey. 2--14."},{"key":"e_1_2_1_8_1","volume-title":"Network and Distributed System Security Symposium. 203--214","author":"Hess A.","unstructured":"Hess , A. , Jacobson , J. , Mills , H. , Wamsley , R. , Seamons , K. E. , and Smith , B . 2002. Advanced client\/server authentication in TLS . In Network and Distributed System Security Symposium. 203--214 . Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K. E., and Smith, B. 2002. Advanced client\/server authentication in TLS. In Network and Distributed System Security Symposium. 203--214."},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society. 10","author":"Holt J. E.","unstructured":"Holt , J. E. , Bradshaw , R. W. , Seamons , K. E. , and Orman , H . 2003. Hidden credentials . In Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society. 10 .1145\/1005140.1005142 Holt, J. E., Bradshaw, R. W., Seamons, K. E., and Orman, H. 2003. Hidden credentials. In Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society. 10.1145\/1005140.1005142"},{"key":"e_1_2_1_10_1","volume-title":"CCS '05: Proceedings of the 12th ACM conference on Computer and communications security. ACM Press","author":"Li J.","unstructured":"Li , J. , Li , N. , and Winsborough , W. H . 2005. Automated trust negotiation using cryptographic credentials . In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security. ACM Press , New York. 46--57. 10.1145\/1102120.1102129 Li, J., Li, N., and Winsborough, W. H. 2005. Automated trust negotiation using cryptographic credentials. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security. ACM Press, New York. 46--57. 10.1145\/1102120.1102129"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press","author":"Li N.","unstructured":"Li , N. , Mitchell , J. C. , and Winsborough , W. H . 2002. Design of a role-based trust management framework . In Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press , Piscataway, New Jersey. 114--130. Li, N., Mitchell, J. C., and Winsborough, W. H. 2002. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Piscataway, New Jersey. 114--130."},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing (PODC 2003","author":"Li N.","year":"2035","unstructured":"Li , N. , Du , W. , and Boneh , D . 2003a. Oblivious signature-based envelope . In Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing (PODC 2003 ). ACM Press, New York. 10.1145\/87 2035 .872061 Li, N., Du, W., and Boneh, D. 2003a. Oblivious signature-based envelope. In Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing (PODC 2003). ACM Press, New York. 10.1145\/872035.872061"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605438"},{"key":"e_1_2_1_14_1","first-page":"1","article-title":"Distributed credential chain discovery in trust management","volume":"11","author":"Li N.","year":"2003","unstructured":"Li , N. , Winsborough , W. H. , and Mitchell , J. C. 2003 c. Distributed credential chain discovery in trust management . Journal of Computer Security 11 , 1 (Feb.), 35--86. Li, N., Winsborough, W. H., and Mitchell, J. C. 2003c. Distributed credential chain discovery in trust management. Journal of Computer Security 11, 1 (Feb.), 35--86.","journal-title":"Journal of Computer Security"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the Symposium on Network and Distributed System Security (NDSS'01)","author":"Seamons K. E.","unstructured":"Seamons , K. E. , Winslett , M. , and Yu , T . 2001. Limiting the disclosure of access control policies during automated trust negotiation . In Proceedings of the Symposium on Network and Distributed System Security (NDSS'01) . Seamons, K. E., Winslett, M., and Yu, T. 2001. Limiting the disclosure of access control policies during automated trust negotiation. In Proceedings of the Symposium on Network and Distributed System Security (NDSS'01)."},{"key":"e_1_2_1_17_1","volume-title":"2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag","author":"Seamons K. E.","unstructured":"Seamons , K. E. , Winslett , M. , Yu , T. , Yu , L. , and Jarvis , R . 2002. Protecting privacy during on-line trust negotiation . In 2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag , New York. Seamons, K. E., Winslett, M., Yu, T., Yu, L., and Jarvis, R. 2002. Protecting privacy during on-line trust negotiation. In 2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag, New York."},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 8th ACM SIGMOD Workshop on Research issues in data mining and knowledge discovery. ACM Press","author":"Staddon J.","year":"2003","unstructured":"Staddon , J. 2003 . Dynamic inference control . In Proceedings of the 8th ACM SIGMOD Workshop on Research issues in data mining and knowledge discovery. ACM Press , New York. 94--100. 10.1145\/88 2082.882103 Staddon, J. 2003. Dynamic inference control. In Proceedings of the 8th ACM SIGMOD Workshop on Research issues in data mining and knowledge discovery. ACM Press, New York. 94--100. 10.1145\/882082.882103"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 9th National Computer Security Conference. 175--183","author":"Sutherland D.","year":"1986","unstructured":"Sutherland , D. 1986 . A model of information . In Proceedings of the 9th National Computer Security Conference. 175--183 . Sutherland, D. 1986. A model of information. In Proceedings of the 9th National Computer Security Conference. 175--183."},{"key":"e_1_2_1_20_1","first-page":"5","article-title":"Cardinality-based inference control in data cubes","volume":"12","author":"Wang L.","year":"2003","unstructured":"Wang , L. , Wijesekera , D. , and Jajodia , S. 2003 . Cardinality-based inference control in data cubes . Journal of Computer Security 12 , 5 (Sept. 2004), 655--692. Wang, L., Wijesekera, D., and Jajodia, S. 2003. Cardinality-based inference control in data cubes. Journal of Computer Security 12, 5 (Sept. 2004), 655--692.","journal-title":"Journal of Computer Security"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Press","author":"Winsborough W. H.","unstructured":"Winsborough , W. H. and Li , N . 2002a. Protecting sensitive attributes in automated trust negotiation . In Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Press , New York, 41--51. 10.1145\/644527.644532 Winsborough, W. H. and Li, N. 2002a. Protecting sensitive attributes in automated trust negotiation. In Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Press, New York, 41--51. 10.1145\/644527.644532"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy","author":"Winsborough W. H.","year":"2002","unstructured":"Winsborough , W. H. and Li , N . 2002b. Towards practical automated trust negotiation . In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy 2002 ). IEEE Computer Society Press, Piscataway, New Jersey. 92--103. Winsborough, W. H. and Li, N. 2002b. Towards practical automated trust negotiation. In Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (Policy 2002). IEEE Computer Society Press, Piscataway, New Jersey. 92--103."},{"key":"e_1_2_1_23_1","volume-title":"DARPA Information Survivability Conference and Exposition.","author":"Winsborough W. H.","unstructured":"Winsborough , W. H. , Seamons , K. E. , and Jones , V. E . 2000. Automated trust negotiation . In DARPA Information Survivability Conference and Exposition. Vol. I . IEEE Press, Piscataway, New Jersey. 88--102. Winsborough, W. H., Seamons, K. E., and Jones, V. E. 2000. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition. Vol. I. IEEE Press, Piscataway, New Jersey. 88--102."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2002.1067734"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Press","author":"Yu T.","unstructured":"Yu , T. and Winslett , M . 2003a. Policy migration for sensitive credentials in trust negotiation . In Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Press , New York. 9--20. 10.1145\/1005140.1005143 Yu, T. and Winslett, M. 2003a. Policy migration for sensitive credentials in trust negotiation. In Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Press, New York. 9--20. 10.1145\/1005140.1005143"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of IEEE Symposium on Security and Privacy. IEEE Computer Society Press","author":"Yu T.","unstructured":"Yu , T. and Winslett , M . 2003b. Unified scheme for resource protection in automated trust negotiation . In Proceedings of IEEE Symposium on Security and Privacy. IEEE Computer Society Press , Piscataway, New Jersey. 110--122. Yu, T. and Winslett, M. 2003b. Unified scheme for resource protection in automated trust negotiation. In Proceedings of IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Piscataway, New Jersey. 110--122."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352633"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605435"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1178618.1178623","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,28]],"date-time":"2022-12-28T17:59:00Z","timestamp":1672250340000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1178618.1178623"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,8]]},"references-count":28,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2006,8]]}},"alternative-id":["10.1145\/1178618.1178623"],"URL":"https:\/\/doi.org\/10.1145\/1178618.1178623","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006,8]]},"assertion":[{"value":"2006-08-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}