Zhengping Wu

Application of Fuzzy Logic in Federated Trust Management for Pervasive Computing

In federated and pervasive networks, trust management has become a cornerstone for information security and privacy. Although people have recognized the importance of privacy and security for their personal information, they remain uncertain when they have to define and enforce their own access control rules or have to handle indirect information. Indirect information and subjective judgment are the major sources of uncertainty in federated trust management. This paper introduces fuzzy logic into the definition and evaluation of trust, and then provides a formal representation of fuzzy rules. It also offers a set of derivation rules for analyzing and reasoning among fuzzy rules in order to enforce these rules with a certain level of uncertainty. Application of this model to a healthcare environment with pervasive computing devices across trust domains provides a new method to handle uncertainty in trust management for federated and pervasive networks

Using Web Services to Exchange Security Tokens for Federated Trust Management

In federated networks, trust management is critical to information sharing and online collaboration. Security tokens provide a way to convey and exchange trust-related information for security and privacy purposes. Common users encounter difficulties when they have to handle security tokens across heterogeneous domains. Semantic gaps and incompatibilities are major barriers for trust-related information exchange in federated trust management. This paper uses intermediary-based, query-based and hybrid approaches to resolve these issues for different types of information in security tokens, and proposes three exchange models accordingly. This paper also provides a comprehensive framework using Web services to exchange security tokens across security domains with suitable approaches and exchange models.

Bridging Trust Relationships with Web Service Enhancements

With the development of Web technology and distributed systems, online collaborations are becoming more common and more demanding. Web services now provide standard mechanisms to enable online interactions. Yet security, privacy and trust-related protection mechanisms for Web services need additional development. In an interconnected network environment, physical connections with proper security protections are required for bridging two autonomous networks. Likewise, collaborating organizations need mechanisms for bridging extant relationships among cooperating parties that provide proper protection for privacy and trust. A trust establishment mechanism for Web services must therefore ensure privacy and owner control at all times due to the subjectivity of trust relationships. This paper describes an indirect trust establishment mechanism to bridge and build new trust relationships from extant trust relationships providing privacy protection and owner control simultaneously

Dynamic trust establishment with privacy protection for Web services

The lack of effective trust establishment mechanisms for Web services impedes the deployment of trust models for online services. One important issue is the lack of privacy protection in trust establishment. Current Web service technology encourages a client to reveal all its attributes in a standard credential to the service provider for trust establishment. We propose a mechanism whereby the client formulates a single trust primitive by associating a subset of required attributes in a standard credential to negotiate a trust relationship. Client privacy is preserved because only those required attributes are revealed. After negotiation, a trust group element with dynamic validation is used to represent this trust relationship.

Using web service enhancements to bridge business trust relationships

1. With the development of web technology and distributed systems, online collaborations are becoming more common and more demanding. These collaborations require online business trust relationships among collaborating organizations. Online business trust relationships can protect the trust, integrity, and privacy of shared resources, which are the foundation for online business. Web services provide standard mechanisms to enable online interactions and further online collaborations. Yet security, privacy and trust-related protection mechanisms for web services need additional development. In an interconnected network environment, bridging extant business relationships to extend the business circle is a convenient and tempting way. Physical connections with proper privacy and security protections are required for bridging two autonomous organizations. Likewise, collaborating organizations need proper protection mechanisms for bridging extant business trust relationships among cooperating parties. These protection mechanisms must therefore ensure privacy and owner control in the entire process of bridging business trust relationships due to the subjectivity of the relationships. This paper describes an indirect trust establishment mechanism using web service enhancements to bridge and build new online business trust relationships from extant business trust relationships providing privacy protection and owner control simultaneously.

Requirements of federated trust management for service-oriented architectures

With the emergence of an effective infrastructure supporting Grid Computing and Web Services, service-oriented computing has been growing over the last few years, and service-oriented architectures are becoming an important computing paradigm. When different trust domains control different component services, trust management plays a critical role to smooth the collaboration among component services. The federation of these component services makes new demands for managing trust-related behavior. Although many extant trust management systems deal with intradomain trust behaviors, there is a growing need for effective strategies for managing inter-domain behaviors. In this paper we explore requirements for a federated trust management system. The purpose of this paper is not to suggest a single type of system covering all necessary features; instead, its purpose is to initiate a discussion of the requirements arising from inter-domain federation, to offer a context in which to evaluate current and future solutions, and to encourage the development of proper models and systems for federated trust management. Our discussion addresses issues arising from trust representation, trust exchange, trust establishment, trust enforcement, and trust storage.

Using Web Service Enhancements to Establish Trust Relationships with Privacy Protection (Extended and Invited from ICWS 2006 with id 47)

The lack of effective trust establishment mechanisms impedes the deployment of diverse trust models for web services. One issue is that collaborating organizations need mechanisms to bridge extant relationships among cooperating parties. We describe an indirect trust establishment mechanism to bridge and build new trust relationships from extant trust relationships with privacy protection. Another issue is that a trust establishment mechanism for web services must ensure privacy and owner control. Current web service technologies encourage a service requester to reveal all its private attributes in a pre-packaged credential to the service provider to fulfill the requirements for direct trust establishment. This may lead to privacy leakage. We propose a mechanism whereby the service requester discovers the service provider’s requirements from a policy document, then formulates a trust primitive by selectively disclosing attributes in a pre-packaged credential to negotiate a trust relationship. Thus the service requester’s privacy is preserved.

Hybrid Trust Information Exchange for Federated Systems

In federated systems, trust management is critical for information sharing and online collaboration. Security tokens provide a way to convey and exchange trust information for security and privacy protection. Although several communication protocols have mechanisms to exchange security tokens, users may still encounter difficulties when they have to handle security tokens across heterogeneous platforms and security domains. Semantic gaps and incompatibilities are major barriers for trust information exchange in federated trust management. This paper introduces a hybrid approach with intermediary- and query-based mechanisms to resolve semantic gaps and incompatibilities for different types of trust information exchanged by security tokens, and then proposes different exchange models for different types of information. This paper also provides a comprehensive framework to exchange security tokens across security domains with suitable approaches and exchange models. The application of this framework in a healthcare environment provides a new method to interoperate trust information for security- and privacy-critical applications.

Token-based dynamic trust establishment for web services

Despite recent advances in trust relationship control mechanisms, issues remain that impede the development of effective trust models. One of these is the lack of dynamic mechanisms that can simultaneously achieve both privacy and efficiency when establishing a new trust relationship. Current techniques encourage the client to reveal more attributes than may be required by the web service (resulting in a lack of privacy) or else engage in negotiation with the web service to discover and then serially provide the claims required (resulting in a lack of efficiency). We propose a method whereby the client discovers the web services requirements from the services policy document, then formulates a single trust primitive by associating a set of client attributes with an identifier, all signed with the token holders digital signature. This technique allows the client to form trust relationships dynamically and efficiently. Client privacy is preserved because only those attributes required to access the web service are revealed.

Alignment of Authentication Information for Trust Federation

Accelerated by the rapid deployment of distributed systems and the Internet, online collaboration and information sharing are pervasive in enterprise computing environment. With regard to the requirements of online collaboration and information sharing, authentication information needs flexible manipulation to facilitate federation across trust domains. To achieve identity federation for federated trust across organizational boundaries or trust domains, authentication information must sometimes be adjusted, transformed, augmented, or substituted in accordance with trust level changes during the authorization or verification operations. In this paper, we propose a plug-in style alignment using a wavelet transformation to manipulate authentication templates for verification (and other purposes) in the process of federation. We also illustrate how this mechanism can be used in metadata exchange with security tokens for web services. In our implementation, we incorporate BioAPI to support the capability to adapt to different authentication workflow models and different authentication technologies. Our experimental results show that the overhead of this plug-in alignment in practical applications is negligible.