TY - GEN
T1 - Model checking of qualitative sensitivity preferences to minimize credential disclosure
AU - Oster, Zachary J.
AU - Santhanam, Ganesh Ram
AU - Basu, Samik
AU - Honavar, Vasant
PY - 2013
Y1 - 2013
N2 - In most client-server interactions over the Web, the server requires the client to disclose certain credentials before providing the client with the requested service (server policy). The client, on the other hand, wants to minimize the sensitivity of the set of credentials disclosed (client preference). We present a qualitative preference formalism based on conditional importance networks (CI-nets) for representing and reasoning with client preferences over the relative sensitivity of sets of credentials. The semantics of CI-net preferences is described using a preference graph over the set of credentials for which the preferences are expressed. We develop a model checking-based approach for analyzing the preference graph, efficiently verifying whether one set of credentials is more sensitive than another (dominance testing). Further, we identify the least (minimum) sensitive set of information that may be disclosed by the client to get access to the desired service. We present a technique based on iterative verification and refinement of the preference graph for computing a sequence of credential sets, ensuring that a credential set with higher sensitivity is never returned before one with lower sensitivity. We present a prototype implementation and preliminary simulation results.
AB - In most client-server interactions over the Web, the server requires the client to disclose certain credentials before providing the client with the requested service (server policy). The client, on the other hand, wants to minimize the sensitivity of the set of credentials disclosed (client preference). We present a qualitative preference formalism based on conditional importance networks (CI-nets) for representing and reasoning with client preferences over the relative sensitivity of sets of credentials. The semantics of CI-net preferences is described using a preference graph over the set of credentials for which the preferences are expressed. We develop a model checking-based approach for analyzing the preference graph, efficiently verifying whether one set of credentials is more sensitive than another (dominance testing). Further, we identify the least (minimum) sensitive set of information that may be disclosed by the client to get access to the desired service. We present a technique based on iterative verification and refinement of the preference graph for computing a sequence of credential sets, ensuring that a credential set with higher sensitivity is never returned before one with lower sensitivity. We present a prototype implementation and preliminary simulation results.
UR - http://www.scopus.com/inward/record.url?scp=84872701988&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84872701988&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-35861-6_13
DO - 10.1007/978-3-642-35861-6_13
M3 - Conference contribution
AN - SCOPUS:84872701988
SN - 9783642358609
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 205
EP - 223
BT - Formal Aspects of Component Software - 9th International Symposium, FACS 2012, Revised Selected Papers
T2 - 9th International Symposium on Formal Aspects of Component Software, FACS 2012
Y2 - 12 September 2012 through 14 September 2012
ER -