Xinxin Liu,Shaohua Tang,Qiong Huang,Zhiwen Yu

DOI: https://doi.org/10.1016/j.csi.2013.03.003

IF: 3.721

2013-01-01

Computer Standards & Interfaces

Abstract:We propose an ontology-based approach to automated trust negotiation (ATN) to establish a common vocabulary for ATN across heterogeneous domains and show how ontologies can be used to specify and implement ATN systems. The components of the ATN framework are expressed in terms of a shared ontology and ontology inference techniques are used to perform ATN policy compliance checking. On this basis, a semantically relevant negotiation strategy (SRNS) is proposed that ensures the success of a negotiation whenever it is semantically possible. We analyze the properties of SRNS and evaluate the performance of the ontology-based ATN.

Xinxin Liu,Shaohua Tang,Kai Wei

DOI: https://doi.org/10.1109/ICMLC.2010.5580592

2010-01-01

Abstract:Automated trust negotiation (ATN) is an approach to establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. We present the formalization of automated trust negotiation system in the applied pi calculus and analyze its security property automatically with the assistant of an automatic protocol analyzer, ProVerif.

Yan He,Miaoliang Zhu

DOI: https://doi.org/10.4108/infoscale.2007.888

2007-01-01

Abstract:Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements, especially recently popular P2P networks and Grid computing. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. An automated trust negotiation strategy needs to be adopted to establish trust between two parties based on their disclosure policies. Previously proposed negotiation strategies may fail when in fact success is possible, disclose irrelevant credentials, or have high communication or computational complexity. In this paper, we model the policies participating trust negotiation as Negotiation Petri Net and propose a trust negotiation Strategy based on Negotiation Petri Net (SNPN) by combining the characteristics of Negotiation Petri Net architecture with the behaviors of auto trust negotiation. We prove that SNPN is efficient with O(n) communication complexity and O(nm) computational complexity including Negotiation Petri Net building process and the negotiation process in the worst case, where n is the number of credentials and m is the size of the credential disclosure policies. Meanwhile SNPN is complete and makes sure that no irrelevant credentials will be disclosed during negotiations.

Yan He,Miaoliang Zhu,Chunying Zheng

DOI: https://doi.org/10.1109/CSSE.2008.867

2008-01-01

Abstract:Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. As the credentials contain sensitive information, entities disclose credentials circumspectly. Given multiple credential exchange sequences achieving the same result, it is desirable to pick the sequence that discloses a set of minimum sensitive credentials. In this paper, we model the policies participating trust negotiation as a Negotiation Petri Net and propose a trust negotiation MSC strategy, which works by the characteristics of Negotiation Petri Net architecture, the behaviors of auto trust negotiation and the greedy algorithm. We prove that the MSC strategy is complete, efficient and mini-sensitivity cost. It also makes sure that no irrelevant credentials will be disclosed during negotiations.

GUAN Shang-yuan,WU Wei-guo,DONG Xiao-she,QIAN De-pei

DOI: https://doi.org/10.3969/j.issn.1000-436x.2011.02.013

2011-01-01

Abstract:First,a unified ATN formal framework was presented,into which typical negotiation strategies could be reduced.Second,the formal verification of ATN was defined based on the formal framework.The objectives and procedures of the formal verification of ATN were described.Third,several typical negotiation strategies were discussed,and the computational complexity of the corresponding verification problems was shown,several conclusions had been obtained.Last,the formal verification of ATN was implemented by using logic programming and model checking methods.The experimental results show that the number of rules is a crucial factor in determining the runtime.Both logic programming and model checking are efficient when the number of transition rules is small,and logic programming does not scale as well as model checking.

Xin-xin Liu,Shao-hua Tang

DOI: https://doi.org/10.3969/j.issn.1000-565X.2013.01.012

2013-01-01

Abstract:In order to implement the formal analysis and verification of the security for automated trust negotiation (ATN), this paper takes the formal analysis methods of security protocols as references and proposes a novel approach to ATN modeling and security verification with the help of the process algebra applied π calculus. In this approach, ATN is formalized as the parallel composition of two processes corresponding to two negotiators, and the process of a negotiator is the static modeling of its certificates and authorization policies. The ATN security is defined as the observational equivalence of the applied π calculus so as to verify not only the security of the authorization policy enforcement but also the privacy of negotiators. With the help of the automatic protocol analyzer ProVerif, the security of ATN is automatically analyzed. Experimental results show that the proposed approach helps to implement automatic security verification with high feasibility and efficiency.

GUAN Shangyuan,WU Weiguo,DONG Xiaoshe,MEI Yiduo

DOI: https://doi.org/10.3321/j.issn:0253-987X.2009.08.001

2009-01-01

Abstract:The existing automated trust negotiation systems suffer from the following drawbacks: the policy languages are coarse-grained,the negotiation strategy cannot generate all trust sequences,and the mechanism to evaluate and select trust sequences is absent.To address the above problems,an attribute-constraint-oriented automated trust negotiation(ACATN) model is proposed.The policy language is refined by using attribute constraint,which can not only effectively protect sensitive services and certificates,but also enhance its flexibility.The global access control policy is used to terminate impossible negotiation in advance so that the negotiation efficiency can be improved.The process of generating trust sequence is described by trust sequence searches tree.Based on the tree,the breadth-first and depth-first searches generate not only a trust sequence quickly,but also all trust sequences.Trust sequences are evaluated via disclosure cost and communication overhead so that the optimal one can be selected.ACATN is illustrated using a typical example.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Qi Jing,Li Cheng,Shubin Liao,Suke Li

2012-01-01

Abstract:Ad Hoc network is a multi-hop wireless network, consist of the self-organizing wireless mobile nodes and without fixed infrastructure, but its openness brings "stranger access" problem. Trust management strategy based on trust evaluation can solve such problems. By entrusting trust certificate with trust value, access control policy can be passed to "strangers", and make them able to access the nodes in Ad Hoc network. In order to achieve the trust management based on trust evaluation, this paper proposes policy language for trust management in Ad hoc network. ATPL is defined based on constraint Datalog, realizes the three trust delegation chain of TEAMA by entrusting authorization rules, and completes the calculation of certificate execution and delegation trust value at the same time. This paper defines the syntax of ATPL, discusses the safety of ATPL rules, and proposes the basic safety convention of ATPL and safety statute. By the discussion of ATPL explanatory semantics, this paper solves the legacy security issue, and proves that ATPL rule is safe under various security constraints defined herein. © 2005 - 2012 JATIT & LLS. All rights reserved.

Shangyuan Guan,Xiaoshe Dong,Yiduo Mei,Weiguo Wu,Zhengdong Zhu

DOI: https://doi.org/10.1109/ICEBE.2008.50

2008-01-01

Abstract:Exchange of attribute certificates is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated trust negotiation (ATN) is a promising approach to regulating the exchange of sensitive information during this process. It has been a fundamental but challenging problem to preserve the privacy of the two negotiation parties during the period of ATN. We present the enhanced hidden credentials and improved concurrent zero-knowledge proof protocol. Based on the above technologies, we propose an ATN for e-business applications, named CASTLE. CASTLE can not only enable the oblivious and selective usage of an attribute or a certificate, but also be resistible for many attacks, especially conspiracy attack. We illustrate the usage of CASTLE through a typical example.

Vamsi Thummala,Jeff Chase

DOI: https://doi.org/10.48550/arXiv.1510.04629

2015-10-16

Abstract:We present SAFE, an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked system. A key barrier to practical use of logical trust systems is the problem of managing proof contexts: identifying, validating, and assembling the credentials and policies that are relevant to each trust decision. This paper describes a new approach to managing proof contexts using context linking and caching. Credentials and policies are stored as certified logic sets named by secure identifiers in a shared key-value store. SAFE offers language constructs to build and modify logic sets, link sets to form unions, pass them by reference, and add them to proof contexts. SAFE fetches and validates credential sets on demand and caches them in the authorizer. We evaluate and discuss our experience using SAFE to build secure services based on case studies drawn from practice: a secure name service resolver, a secure proxy shim for a key value store, and an authorization module for a networked infrastructure-as-a-service system with a federated trust structure.

Cryptography and Security,Logic in Computer Science

Wei Lin,Heng Chuan Tan,Binbin Chen,Fan Zhang

DOI: https://doi.org/10.1109/dsn58367.2023.00044

2023-01-01

Abstract:Programmable logic controllers (PLCs) are vulnerable to malware, which is a key security risk for Industrial Control Systems (ICSs). Existing attestation solutions are invasive because they require hardware security modules and software upgrades in legacy devices. We propose DNAttest, a Digital-twin-based Noninvasive Attestation solution to attest PLC behaviors in near-real time. DNAttest requires minimal ICS infrastructure changes and does not interfere with normal ICS operations. DNAttest detects PLC deviations by replicating all input messages for a PLC to its digital twin and comparing their output messages. Due to transient uncertainty in the PLC's internal processing state, DNAttest may output an incorrect comparison. To generate all plausible output values for comparison, we instantiate multiple emulated PLCs by replicating input messages with different timing profiles. We demonstrate on a close-to-real-world power grid testbed that DNAttest can provide a timely detection of a wide range of attacks non-invasively and accurately. DNAttest solution is lightweight and scalable. A typical desktop PC can attest more than 20 actual PLCs even if we use 10 emulators to monitor every actual PLC.

Xusheng Xiao,Amit M. Paradkar,Suresh Thummalapenta,Tao Xie

DOI: https://doi.org/10.1145/2393596.2393608

2012-01-01

Abstract:ABSTRACTAccess Control Policies (ACP) specify which principals such as users have access to which resources. Ensuring the correctness and consistency of ACPs is crucial to prevent security vulnerabilities. However, in practice, ACPs are commonly written in Natural Language (NL) and buried in large documents such as requirements documents, not amenable for automated techniques to check for correctness and consistency. It is tedious to manually extract ACPs from these NL documents and validate NL functional requirements such as use cases against ACPs for detecting inconsistencies. To address these issues, we propose an approach, called Text2Policy, to automatically extract ACPs from NL software documents and resource-access information from NL scenario-based functional requirements. We conducted three evaluations on the collected ACP sentences from publicly available sources along with use cases from both open source and proprietary projects. The results show that Text2Policy effectively identifies ACP sentences with the precision of 88.7% and the recall of 89.4%, extracts ACP rules with the accuracy of 86.3%, and extracts action steps with the accuracy of 81.9%.

Peng Liu,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/WI.2005.2

2005-01-01

Abstract:Although several access control policies have been proposed for securing access to resources, they focused on security of distributed environments that were rather static. Nowadays distributed environment becomes open and dynamic. In this paper, we propose a formal language for access control policies in open and dynamic environment. The language is based on description logic program and generalized courteous logic program supporting classical negation, prioritized conflict handling and mutual exclusion constraints. The language allows the specification of positive and negative authorization, privilege delegation and revocation, prioritized conflict resolution and mutual authorization exclusions.

Peng Jin,Yang Wang,Min Zhang

DOI: https://doi.org/10.18293/seke2022-029

2022-01-01

Abstract:Deep Reinforcement Learning (DRL) is a promising technology for solving intractable control tasks.Its applications in safety-critical fields require high-reliability guarantees.However, formal verification of DRL systems is challenging because deep neural networks (DNNs) embedded in the applications are uninterpretable.In this paper, we propose a novel approach to linear temporal logic (LTL) model checking of DRL systems by extracting interpretable policies from DNNs.The extracted policy can retain comparable performance to the original DNN.More importantly, its decision domain is finite and thus directly verifiable against LTL properties using existing model checking techniques.Experimental results on four classic control systems demonstrate the effectiveness of our approach.

Shangyuan Guan,Xiaoshe Dong,Weiguo Wu,Yiduo Mei,Guofu Feng

DOI: https://doi.org/10.1109/aina.2008.25

2008-01-01

Abstract:Trust has been recognized as an important factor for information security in open and dynamic environments, such as Internet applications, p2p systems etc. On the basis of analyzing existing trust management systems, this paper proposes a Distributed Trust Management based on Authorizing Negotiation (DTMAN). DTMAN presents a number of innovative features. First, it can authorize strangers by using authorizing negotiation, so it is very suitable for open and dynamic environments. Second, a high efficient algorithm for compliance checking is developed to support DTMAN, whose time complexity and space complexity are both O(n) (where n is the cardinality of the set of authorization credentials). The experimental result shows that the algorithm of DTMAN is more efficient than others.

Xinxin Liu,Shaohua Tang,Kai Wei

DOI: https://doi.org/10.4028/www.scientific.net/amm.58-60.2085

2011-01-01

Applied Mechanics and Materials

Abstract:This paper presents OntoRT, an ontology model for Role-base Trust-management(RT) framework, which covers a large fragment of RT including RT0, RT1, RT2 and application domain specification documents (ADSDs). RT addresses distributed authorization problems in decentralized collaborative systems. OntoRT establishes a common vocabulary for RT roles and policies across domains. We describe OntoRT formally in Description Logic(DL) SHOIN(D) and DL-safe SWRL rules. Basing on our logical formalization it is feasible to authorize and analyze RT policies automatically via the state of arts DL reasoners. Finally, we show how OntoRT can be integrated with OWL-DL ontologies which are W3C standard for representing information on the Web. By referring to OWL-DL ontologies that provide rich domain knowledge, specification and management of RT policies are simplified.

JIN Lun,PENG Zhao-yang,XIE Jun-yuan

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.06.044

2007-01-01

Abstract:The general flow of trust negotiation was introduced,the concept of gradual trust negotiation and policy graph was given,a new secure trust negotiation strategy algorithm was put and the security of it was analyzed.

CUI Wei,LI Yi-fa,SI Xue-ming

DOI: https://doi.org/10.3969/j.issn.1671-0673.2012.02.006

2012-01-01

Abstract:This paper studies computational semantics for trust predicate and some axioms which describe basic properties of trust predicate in logic system.It first argues that the way Datta et al.discussed trust relationships in their Computational Protocol Composition Logic may give rise to drawbacks in protocol proof and internal trust relationships digging.In order to describe security protocols,this paper enlarges Predicate Calculus to get Basic Protocol Logic and gives computational semantics to the logic system.Finally,starting from nature implications of trust,it defines computational semantics for trust predicate in the logic system and describes some basic properties of trust predicate through some axioms.

Qiang Zhang,Xiaowei Wang,Zhenghu Gong

DOI: https://doi.org/10.1109/CSSE.2008.1363

2008-01-01

Abstract:We find that traditional authentication ways donpsilat act well in MANETs for the features of dynamic topology and non-existence of central facilities in mobile ad hoc networks. This paper presents a distributed trust proving language, which is based on role trust. The solution of constructing credential authentication infrastructure and the problem how to perform automated trust negotiation are also discussed. Our design defines roles and policies to make distributed trust negotiation and it can avoid unrelated credential fetching. Simulations show that Our design outperforms traditional trust negotiation ways and is more efficient as a security authentication mechanism in the MANET environments.