Issue No. 01 - January/February (2012 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.31
Anna C. Squicciarini , The Pennsylvania State Univ., University Park
Elisa Bertino , Purdue University, West Lafayette
Alberto Trombetta , Universita' dell'Insubria, Varese
Stefano Braghin , Universita' dell'Insubria, Varese
Trust Negotiation has shown to be a successful, policy-driven approach for automated trust establishment, through the release of digital credentials. Current real applications require new flexible approaches to trust negotiations, especially in light of the widespread use of mobile devices. In this paper, we present a multisession dependable approach to trust negotiations. The proposed framework supports voluntary and unpredicted interruptions, enabling the negotiating parties to complete the negotiation despite temporary unavailability of resources. Our protocols address issues related to validity, temporary loss of data, and extended unavailability of one of the two negotiators. A peer is able to suspend an ongoing negotiation and resume it with another (authenticated) peer. Negotiation portions and intermediate states can be safely and privately passed among peers, to guarantee the stability needed to continue suspended negotiations. We present a detailed analysis showing that our protocols have several key properties, including validity, correctness, and minimality. Also, we show how our negotiation protocol can withstand the most significant attacks. As by our complexity analysis, the introduction of the suspension and recovery procedures, and mobile negotiations does not significantly increase the complexity of ordinary negotiations. Our protocols require a constant number of messages whose size linearly depend on the portion of trust negotiation that has been carried before the suspensions.
Security and management, dependability, trust negotiations, access control.
S. Braghin, A. Trombetta, E. Bertino and A. C. Squicciarini, "A Flexible Approach to Multisession Trust Negotiations," in IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 16-29, 2011.