data and applications security developments and directions secure knowledge management:...
TRANSCRIPT
![Page 1: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/1.jpg)
Data and Applications Security Developments and Directions
Secure Knowledge Management: Confidentiality, Privacy and Trust
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
November 29, 2005
![Page 2: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/2.jpg)
Outline of the Unit
Background on Knowledge Management Secure Knowledge Management Confidentiality: Access Control Privacy Trust Management Integrated System Secure Knowledge Management Technologies Directions Appendix: TrustX Research
![Page 3: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/3.jpg)
References
Proceedings Secure Knowledge Management Workshop
- Secure Knowledge Management Workshop, Buffalo, NY, September 2004
- http://www.cse.buffalo.edu/caeiae/skm2004/ Secure Knowledge Management
- Authors: Thuraisingham, Bertino, Sandhu
- To be published in IEEE Transactions on Systems, Man and Cybernetics
- This lecture is based on the above paper
![Page 4: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/4.jpg)
What is Knowledge Management
Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets
KM involves the creation, dissemination, and utilization of knowledge
Reference: http://www.commerce-database.com/knowledge-management.htm?source=google
![Page 5: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/5.jpg)
Knowledge Management Components
Components:StrategiesProcessesMetrics
Cycle:Knowledge, CreationSharing, Measurement And Improvement
Technologies:Expert systemsCollaborationTrainingWeb
Components ofKnowledge Management: Components,Cycle and Technologies
![Page 6: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/6.jpg)
Identification Creation
Diffusion - Tacit, Explicit
Integration Modification
Action
Organizational Learning Process
Metrics
Source:
Reinhardt and Pawlowsky
Incentives
![Page 7: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/7.jpg)
Aspects of Secure Knowledge Management (SKM)
Protecting the intellectual property of an organization Access control including role-based access control Security for process/activity management and workflow
- Users must have certain credentials to carry out an activity Composing multiple security policies across organizations Security for knowledge management strategies and processes Risk management and economic tradeoffs Digital rights management and trust negotiation
![Page 8: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/8.jpg)
SKM: Strategies, Processes, Metrics, Techniques
Security Strategies:
- Policies and procedures for sharing data
- Protecting intellectual property
- Should be tightly integrated with business strategy Security processes
- Secure workflow
- Processes for contracting, purchasing, order management, etc.
Metrics
- What is impact of security on number of documents published and other metrics gathered
Techniques
- Access control, Trust management
![Page 9: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/9.jpg)
SecurityStrategies: Policies,Plans, andProcedures
Security Processes:
Processes forWorkflow, Order Management, Contracting, - - -
Technologies:
Privacy PreservingData Mining, Secure Semantic Web
Components of
Aspects ofSecure Knowledge Management
SecurityMetrics:
Security impact onMetrics gathered for data sharing
SecurityTechniques:
Access Control,Trust Management,- - - -
SKM: Strategies, Processes, Metrics, Techniques
![Page 10: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/10.jpg)
Secure Knowledge Management Architecture
Knowledge Creation and Acquisition Manager
Knowledge RepresentationManager
Knowledge Manipulation And SustainmentManager
Knowledge Dissemination and TransferManager
Define Security Policies Represent Security Policies
Enforce Security Policies for access
Enforce Security Policies for dissemination
![Page 11: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/11.jpg)
SKM Technologies Data Mining
- Mining the information and determine resources without violating security
Secure Semantic Web
- Secure knowledge sharing Secure Annotation Management
- Managing annotations about expertise and resources Secure content management
- Markup technologies and related aspects for managing content
Secure multimedia information management
![Page 12: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/12.jpg)
Confidentiality, Privacy and Trust
Confidentiality: Ensuring that only authorized individuals get/acquire the information/knowledge according to the confidentiality policies
Privacy: Ensuring that my personal information is distributed according to the policies I enforce
Trust: Do we believe that the other person will not divulge confidential and/or private information even though he/she is authorized to receive the information
![Page 13: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/13.jpg)
Access Control Strategy XML to specify policies Subjects request access to XML documents under two modes:
Browsing and authoring
- With browsing access subject can read/navigate documents
- Authoring access is needed to modify, delete, append documents
Access control module checks the policy based and applies policy specs
Views of the document are created based on credentials and policy specs
In case of conflict, least access privilege rule is enforced Works for Push/Pull modes Presentation at MITRE on March 18, 2005
![Page 14: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/14.jpg)
System Architecture for Access Control
UserPull/Query Push/result
XML Documents
X-Access X-AdminAdmin Tools
Policybase
Credentialbase
![Page 15: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/15.jpg)
Third-Party Architecture
Credential base
policy baseXML Source
User/Subject
Owner
Publisher
Query
Reply documen
t
SE-XML
credentials
The Owner is the producer of information It specifies access control policies
The Publisher is responsible for managing (a portion of) the Owner information and answering subject queries
Goal: Untrusted Publisher with respect to Authenticity and Completeness checking
![Page 16: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/16.jpg)
RBAC for SKM Access to information sources including structured and
unstructured data both within the organization and external to the organization
Search Engines and tools for identifying relevant pieces of this information for a specific purpose
Knowledge extraction, fusion and discovery programs and services Controlled dissemination and sharing of newly produced knowledge
![Page 17: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/17.jpg)
RBAC for SKM
![Page 18: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/18.jpg)
UCON (Usage Control) for SKM RBAC model is incorporated into UCON and useful for SKM
- Authorization component Obligations
- Obligations are actions required to be performed before an access is permitted
- Obligations can be used to determine whether an expensive knowledge search is required
Attribute Mutability
- Used to control the scope of the knowledge search Condition
- Can be used for resource usage policies to be relaxed or tightened
![Page 19: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/19.jpg)
UCON for SKM
![Page 20: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/20.jpg)
Confidentiality Controller
Confidentiality Policies
Ontologies
Rules
Semantic Web
Engine
XML, RDF
Documents
Web Pages,
Databases
Inference Engine/
Confidentiality Controller
Interface to the Confidentiality Enhanced Semantic Web
![Page 21: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/21.jpg)
Some Privacy concerns
Medical and Healthcare
- Employers, marketers, or others knowing of private medical concerns of employees
Security
- Allowing access to individual’s travel and spending data
- Allowing access to web surfing behavior Marketing, Sales, and Finance
- Allowing access to individual’s purchases
![Page 22: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/22.jpg)
Privacy Preserving Data Mining
Association Rules
- Privacy Preserving Association Rule Mining IBM, - - - - -
Decision Trees
- Privacy Preserving Decision Trees IBM, - - - -
Clustering
- Privacy Preserving Clustering Purdue, - - - -
Link Analysis
- Privacy Preserving Link Analysis UTD, (ICDM Conference Workshop on Privacy
Preserving Data Mining, November 2005)
![Page 23: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/23.jpg)
Privacy Controller
Privacy Policies
Ontologies
Rules
Client Engine
Client Database
Inference Engine/ Privacy Controller
Interface to the Client
![Page 24: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/24.jpg)
Trust Negotiation model: Joint Research with Prof. Elisa Bertino et al at Purdue and U. Of Milan
A promising approach for open systems where most of the interactions occur between strangers
The goal: establish trust between parties in order to exchange sensitive information and services
The approach: establish trust by verifying properties of the other party
![Page 25: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/25.jpg)
Trust Management for SKM Trust Services
- Identify services, authorization services, reputation services
Trust negotiation (TN)
- Digital credentials, Disclosure policies TN Requirements
- Language requirements Semantics, constraints, policies
- System requirements Credential ownership, validity, alternative negotiation
strategies, privacy Example TN systems
- KeyNote and Trust-X (U of Milan), TrustBuilder (UIUC)
![Page 26: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/26.jpg)
Trust Management for SKM
![Page 27: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/27.jpg)
Integrated Approach: Confidentiality, Privacy and Trust
![Page 28: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/28.jpg)
SKM for Coalitions Organizations form federations and coalitions work together
to solve a problem
- Universities, Commercial corporations, Government agencies
Challenges is to share data/information and at the same time ensure security and autonomy for the individual organizations
How can knowledge be shared across coalitions? Incentive compatible knowledge sharing techniques
![Page 29: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/29.jpg)
SKM Coalition Architecture: Joint Research with Prof. Ravi Sandhu at GMU
ExportKnowledge
ComponentKnowledge for
Agency A
Knowledge for Coalition
ExportKnowledge
ComponentKnowledge for
Agency C
ComponentKnowledge for
Agency B
ExportKnowledge
![Page 30: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/30.jpg)
Directions
We have identified high level aspects of SKM
- Strategies, Processes. Metrics, techniques, Technologies, Architecture
Need to investigate security issues
- RBAC, UCON, Trust, Privacy etc. CS departments should collaborate with business schools on
KM and SKM
![Page 31: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/31.jpg)
Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Secure Knowledge Management:
Confidentiality, Privacy and Trust
Appendix: TrustX System and Current Research
Joint work with Purdue University and
University of Milan
November 29, 2005
![Page 32: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/32.jpg)
The problem: Establishing trust in open
systems
Mutual authentication
- Assumption on the counterpart honesty no longer holds- Both participants need to authenticate each other
Interactions between strangers
- In conventional systems user identity is known in advance and can be used for performing access control- In open systems partecipants may have no pre-existing relationship and may not share a common security domain
![Page 33: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/33.jpg)
Trust Negotiation modelA promising approach for open systems
where most of the interactions occur between strangers
The goal: establish trust between parties in order to exchange sensitive information and services
The approach: establish trust by verifying properties of the other party
![Page 34: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/34.jpg)
Trust negotiation: the approach
Interactions between strangers in open systems are different from traditional access control models
Policies and mechanisms developed in conventional systems need to be revised
USER ID’s
VS.
SUBJECT PROPERTIES
ACCESS CONTROL POLICIES
VS.
DISCLOSURE POLICIES
![Page 35: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/35.jpg)
Subject properties: digital credentials
Assertion about the credential owner issued and certified by a Certification Authority.
CA
CA
CA
CA
Each entity has an associated set of credentials, describing properties and attributes of the owner.
![Page 36: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/36.jpg)
Use of Credentials
Credential
Issuer
Digital Credentials
-Julie
-3 kids
-Married
-American
Company A
Company B
Want to know citizenship
Want to know marital status
-Julie
- American
-Julie
- Married
Alice
Check Check
Referenced from http://www.credentica.com/technology/overview.pdf
![Page 37: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/37.jpg)
Credentials
Credentials can be expressed through the Security Assertion Mark-up Language (SAML)
SAML allows a party to express security statements about a given subject
- Authentication statements
- Attribute statements
- Authorization decision statements
![Page 38: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/38.jpg)
Disclosure policies Disclosure policies govern:
Access to protected resources
Access to sensitive information
Disclosure of sensitive credentials
Disclosure policies express trust requirements by means of credential combinations that must be disclosed to obtain authorization
Disclosure policies
![Page 39: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/39.jpg)
Disclosure policies - Example
Suppose NBG Bank offers loans to students To check the eligibility of the requester, the Bank asks the
student to present the following credentials
- The student card
- The ID card
- Social Security Card
- Financial information – either a copy of the Federal Income Tax Return or a bank statement
![Page 40: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/40.jpg)
Disclosure policies - Example
p1= ({}, Student_Loan Student_Card());
p2= ({p1}), Student_Loan Social_Security_Card());
p3= ({p2}, Student_Loan Federal_Income_Tax_Return());
p4= ({p2}, Student_Loan Bank_Statement());
P5=({p3,p4}, Student_Loan DELIV);
These policies result in two distinct “policy chains” that lead to disclosure
[p1, p2, p3, p5] [p1, p2, p4, p5]
![Page 41: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/41.jpg)
Trust Negotiation - definition
The gradual disclosure of credentials and requests for credentials between two strangers, with the goal of establishing sufficient trust so that the parties can exchange sensitive information and/or resources
![Page 42: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/42.jpg)
Trust-X system: Joint Research with University of Milan and Purdue University
A comprehensive XML based framework for trust negotiations:
Trust negotiation language (X-TNL)System architecture Algorithms and strategies to carry out the
negotiation process
![Page 43: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/43.jpg)
Trust-X language: X-TNL
Able to handle mutliple and heterogeneus certificate specifications:
Credentials Declarations
Able to help the user in customizing the management of his/her own certificates
X-Profile Data Set
Able to define a wide range of protection requirements by means of disclosure policies
![Page 44: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/44.jpg)
X-TNL: Credential type system
X-TNL simplifies the task of credential specification by using a set of templates called credential types
Uniqueness is ensured by use of XML Namespaces
Credential types are defined by using Document Type Definition
<!DOCTYPE library_badge[ <!ELEMENT library_badge (name, address, phone_number*, email?, release_date, profession,Issuer)><!ELEMENT name (fname, lname)><!ELEMENT address (#PCDATA)><!ELEMENT phone_number (#PCDATA)><!ELEMENT email (#PCDATA)><!ELEMENT release_date (#PCDATA)><!ELEMENT profession (#PCDATA)><!ELEMENT fname (#PCDATA)><!ELEMENT lname (#PCDATA)><!ELEMENT Issuer ANY><!ATTLIST Issuer XML:LINK CDATA #FIXED “SIMPLE” HREF CDATA #REQUIRED TITLE CDATA #IMPLIED><!ATTLIST library_badge CredID ID #REQUIRED><!ATTLIST library_badge SENS CDATA #REQUIRED>]>
![Page 45: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/45.jpg)
Trust-X negotiation phases- basic model
1. Introduction
Send a request for a resource/service Introductory policy exchanges
2. Policy evaluation phase
Disclosure policy exchange Evaluation of the exchanged policies in order to determine
secure solutions for both the parties.
3. Certificate exchange phase
Exchange of the sequence of certificates determined at step n. 2.
![Page 46: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/46.jpg)
Trust-X Architecture
C O N T R O L L E RR E Q U E S T E R
X -P R O FILE
C O M P L I AN C E C HE C KE R
PO L I C YB A SE
X -P R O FILE
C O M P L I AN C E C HE C KE R
T R E EM A N A G E R
T R E EM A N A G E R
P O L I C Y E X C H A N G E
PO L I C YB A SE
Trust-X has been specifically designed for a peer-to-peer environment in that each party is equipped with the same functional modules and thus it can alternatively act as a requester or resource controller during different negotiations.
![Page 47: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/47.jpg)
Upon receiving a disclosure policy the compliance checker determines if it can be satisfied by any certificate of the local X-profile.
How a policy is processed
COMPLIANCE CHECKER
TREEMANAGER
Policy Base Policy ReplyX-Profile
Disclosure Policies
Then, the module checks in the policy base the protection needs associated with the certificates, if any. The state of the negotiation is anyway updated by the tree manager, which records whether new policies and credentials have been involved or not.
![Page 48: Data and Applications Security Developments and Directions Secure Knowledge Management: Confidentiality, Privacy and Trust Dr. Bhavani Thuraisingham The](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c0081a28abf838cc6a2d/html5/thumbnails/48.jpg)
Current Research
How can we ensure privacy in Trust Negotiation Systems Joint work with U. of Milan and Purdue Squichinari, Bertino, Ferrari and Thuraisingham et al To appear in ACM Transactions on Information and Systems
Security