Jason E. Holt

Hidden Credentials

Hidden Credentials are useful in situations where requests for service, credentials, access policies and resources are extremely sensitive. We show how transactions which depend on fulfillment of policies described by monotonic boolean formulae can take place in a single round of messages. We further show how credentials that are never revealed can be used to retrieve sensitive resources.

Concealing complex policies with hidden credentials

Hidden credentials are useful in protecting sensitive resource requests, resources, policies, and credentials. We propose a significant performance improvement when implementing hidden credentials using Boneh/Franklin Identity Based Encryption. We also propose a substantially improved secret splitting scheme for enforcing complex policies, and show how it improves concealment of policies from nonsatisfying recipients.

Content-triggered trust negotiation

The focus of access control in client/server environments is on protecting sensitive server resources by determining whether or not a client is authorized to access those resources. The set of resources is usually static, and an access control policy associated with each resource specifies who is authorized to access the resource. In this article, we turn the traditional client/server access control model on its head and address how to protect the sensitive content that clients disclose to and receive from servers. Since client content is often dynamically generated at run-time, the usual approach of associating a policy with the resource (content) a priori does not work. We propose a general-purpose access control model designed to detect whenever sensitive information is being transmitted, and determine whether the sender or receiver is authorized. The model identifies sensitive content, maps the sensitive content to an access control policy, and establishes the trustworthiness of the sender or receiver before the sensitive content is disclosed or received. We have implemented the model within TrustBuilder, an architecture for negotiating trust between strangers based on properties other than identity. The implementation targets open systems, where clients and servers do not have preexisting trust relationships. The implementation is the first example of content-triggered trust negotiation. It currently supports access control for sensitive content disclosed by web and email clients.

TrustBuilder: negotiating trust in dynamic coalitions

Automated trust negotiation is an approach to establishing trust across security domains in a dynamic coalition in real time. This is accomplished through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a coalition resource. TrustBuilder, a system for negotiating trust in dynamic coalitions, is being designed and implemented in the Internet Security Research Laboratory at Brigham Young University. The TrustBuilder architecture incorporates trust negotiation into standard network technologies. This paper describes the technology in the current TrustBuilder prototype.

Trust Negotiation in Dynamic Coalitions

Military and business partners may need to conduct sensitive interactions on line, requiring members in a coalition to share sensitive resources with those outside their local security domain. Automated trust negotiation is an approach that accomplishes this, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a coalition resource. The Trust Negotiation in Dynamic Coalitions project has focused on the theoretical underpinnings of trust negotiation as well as the design and implementation of TrustBuilder, an architecture that incorporates trust negotiation into standard network technologies. This paper summarizes the research contributions of this project to trust negotiation in the areas of sensitive access control policies, strategies, protocols, policy language requirements, and privacy protection. This paper also describes the basic design of TrustBuilder.

Two Security Symposia

Attendees report onthe IEEE Symposium on Security and Privacy and the Almaden Institute Symposium on Privacy. Speakers from various affiliations discussed everything from mechanical locks to privacy policies.