Model checking of qualitative sensitivity preferences to minimize credential disclosure

Zachary J. Oster, Ganesh Ram Santhanam, Samik Basu, Vasant Honavar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations


In most client-server interactions over the Web, the server requires the client to disclose certain credentials before providing the client with the requested service (server policy). The client, on the other hand, wants to minimize the sensitivity of the set of credentials disclosed (client preference). We present a qualitative preference formalism based on conditional importance networks (CI-nets) for representing and reasoning with client preferences over the relative sensitivity of sets of credentials. The semantics of CI-net preferences is described using a preference graph over the set of credentials for which the preferences are expressed. We develop a model checking-based approach for analyzing the preference graph, efficiently verifying whether one set of credentials is more sensitive than another (dominance testing). Further, we identify the least (minimum) sensitive set of information that may be disclosed by the client to get access to the desired service. We present a technique based on iterative verification and refinement of the preference graph for computing a sequence of credential sets, ensuring that a credential set with higher sensitivity is never returned before one with lower sensitivity. We present a prototype implementation and preliminary simulation results.

Original language: English (US)
Title of host publication: Formal Aspects of Component Software - 9th International Symposium, FACS 2012, Revised Selected Papers
Number of pages: 19
State: Published - 2013
Event: 9th International Symposium on Formal Aspects of Component Software, FACS 2012 - Mountain View, CA, United States
Duration: Sep 12 2012 – Sep 14 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7684 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 9th International Symposium on Formal Aspects of Component Software, FACS 2012
Country/Territory: United States
City: Mountain View, CA

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

