Minimizing Disclosure of Private Information in Credential-based Interactions: A Graph-based Approach

We address the problem of enabling clients to regulate the disclosure of their credentials and properties when interacting with servers in open scenarios. We provide a means for clients to specify the sensitivity of the information in their portfolio at a fine-grained level, and to determine which credentials and properties to disclose to satisfy a server request while minimizing the sensitivity of the information disclosed. Exploiting a graph model of the problem, we develop a heuristic approach for determining a disclosure that minimizes the released information; the approach offers execution times compatible with the requirements of interactive access to Web resources.
