Visualization of Automated Trust Negotiation
description
Transcript of Visualization of Automated Trust Negotiation
![Page 1: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/1.jpg)
Visualization of Visualization of Automated Trust Automated Trust NegotiationNegotiation
Danfeng YaoDanfeng Yao Michael Shin Michael Shin Brown University Goldman Sachs Inc.Brown University Goldman Sachs Inc.
Roberto Tamassia William H. WinsboroughRoberto Tamassia William H. Winsborough Brown UniversityBrown University University of Texas, San University of Texas, San
AntonioAntonio
Supported in part by NSF grants CCF–0311510, IIS–0324846, CNS–0303577 and CNS-0325951
![Page 2: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/2.jpg)
OverviewOverview
Introduction to two-party Introduction to two-party automated trust negotiation (ATN)automated trust negotiation (ATN)– Trust target graph (TTG) Trust target graph (TTG)
Design of the visualization Design of the visualization frameworkframework– Prototype implementation Prototype implementation
Example of a visualization sessionExample of a visualization session– Demo of our visualization program Demo of our visualization program
![Page 3: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/3.jpg)
Monitoring the release Monitoring the release of sensitive of sensitive credentialscredentials Accessing protected resources requires Accessing protected resources requires
releasing digital credentialsreleasing digital credentials Credentials may be sensitiveCredentials may be sensitive
– Need to control the release of digital credentialsNeed to control the release of digital credentials– Trust Negotiation is an incremental, bilateral Trust Negotiation is an incremental, bilateral
exchange of credentials and policies between exchange of credentials and policies between resource owner and requesterresource owner and requester
Visualization of automated trust negotiation – Gives teaching and learning support for ATN users – Enables users to visually examine the ATN process– The combination of interactive visualization and
ATN improves the security of protected resources– We demonstrate that Grappa and GraphViz (AT&T) We demonstrate that Grappa and GraphViz (AT&T)
are suitable graph drawing systems for visualizing are suitable graph drawing systems for visualizing ATNATN
![Page 4: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/4.jpg)
![Page 5: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/5.jpg)
A simple trust A simple trust negotiation examplenegotiation example
Request for discount
Request UID
Request BBB
Send BBB
Send UID
Grant the discount
PolicPolicyy
Releasing UID requires BBB
Cred.UID (student ID)
Alice
PolicPolicyy
Discount requires UID
Cred.
BBB (better business bureau)
![Page 6: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/6.jpg)
A general trust A general trust negotiation Protocol negotiation Protocol
Request for resource
Request credential
Sensitive, request proof
Sensitive, request more credential
Send credential
Grant the resource
PoliciesPolicies
Credentials
Alice
PoliciesPolicies
Credentials
Send proof
Primary trust target
![Page 7: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/7.jpg)
Trust target graphTrust target graph Trust target graph (TTG) is a directed graph Trust target graph (TTG) is a directed graph
representing the state of negotiation [Winsborough Li representing the state of negotiation [Winsborough Li ’02] ’02] – The negotiation succeeds when the primary trust target is
satisfied– Fails when the primary target cannot be satisfied, or when
neither negotiator changes the graph– TTG can have cycles and be non-planar
Construction of TTGConstruction of TTG– Each negotiator keeps a local copy of TTGEach negotiator keeps a local copy of TTG– Nodes are trust targets:Nodes are trust targets:
< < Amazon: Amazon.discount Amazon: Amazon.discount ? Alice? Alice > > The state of a node: unknown, satisified, or unsatisfiedThe state of a node: unknown, satisified, or unsatisfied
– Edges represent implication and control relationshipsEdges represent implication and control relationships Satisfied states propagate along the edgesSatisfied states propagate along the edges
– Negotiators take turns extending the TTG by adding new Negotiators take turns extending the TTG by adding new edges and nodes to the current graphedges and nodes to the current graph
At the beginning TTG contains only the primary trust At the beginning TTG contains only the primary trust targettarget
The new TTG is a supergraph of the previous oneThe new TTG is a supergraph of the previous one Associated credentials or policies are transmitted Associated credentials or policies are transmitted
![Page 8: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/8.jpg)
TTG construction of TTG construction of the examplethe example
Amazon: Amazon.discount ? Alice
Amazon: Univ.Student ? Alice
Alice: BBB.member ? Amazon
Alice: Amazon ? Amazon
Alice: BBB.member ? Amazon
Amazon: Univ.Student ? Alice
Amazon: Amazon.discount ? Alice
![Page 9: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/9.jpg)
Components of our Components of our ATN visualization ATN visualization frameworkframework
Visualization(View)
LogParser
ProtocolState &Update
text
text
Credentials,Policies,
Strategies
Logs
(1)
(2)
(3)
(4)
(5)
ATNEngine
(6)
(8)Modifier
User Inputs
![Page 10: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/10.jpg)
Prototype Prototype implementationimplementation
The visualizer displays the construction of The visualizer displays the construction of TTG for negotiatorsTTG for negotiators
Uses Grappa system [Barghouti, Mocenigo, Lee. GD ‘97], a Java port of GraphViz system [Ellson, Gansner, Koutsofios, North, Woodhull et al] for graph drawing– Layout provided by dot in GraphViz– The upward drawing heuristics and
hierarchical (layered) drawing features are suitable for drawing directed graphs such as TTGs
– Layout algorithms try to avoid edge crossings and reduce edge length
Colors and shapes of nodes and edges represent different types in TTG and can be customized
Displays local credentials, remote credentials, and policies
![Page 11: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/11.jpg)
Standard target
Intersection target
Trivial target
Linked role target
![Page 12: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/12.jpg)
Edge typesEdge types
Edge name Color Meaning
Implication PurpleA parent node implies the child node
Linking monitor BlueForm a target with a linked role to a linking goal
Linking solution GoldFrom a linked goal to a standard target
Linking implication GreenFrom a target with a linked role to a linked role target
Control Sienna Used with ack and access policies
Intersection OrangeFrom an intersection target to standard targets
![Page 13: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/13.jpg)
Demo Demo of a visualization of a visualization sessionsession
Requester: AliceRequester: Alice– Works at purchase department in Medix Fund Works at purchase department in Medix Fund
((MedixFund.purchasingAMedixFund.purchasingA))– She considers this credential sensitiveShe considers this credential sensitive
Resource owner: Medical Supply Company (Resource owner: Medical Supply Company (MedSupMedSup))– A member of ReliefNet (A member of ReliefNet (ReliefNet.memberReliefNet.member))
Requested resource: Discount from MedSupRequested resource: Discount from MedSup– MedSup.discountMedSup.discount
Delegation credentials transfer privileges between rolesDelegation credentials transfer privileges between roles– Role Role provisionerprovisioner at ReliefNet is delegated to at ReliefNet is delegated to
MedixFund.purchasingAMedixFund.purchasingA– cPartnercPartner at Medix Fund is delegated to at Medix Fund is delegated to ReliefNet.memberReliefNet.member– Discount is given toDiscount is given to provisioner provisioner at ReliefNetat ReliefNet
![Page 14: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/14.jpg)
ATN-Vis DemoATN-Vis Demo
![Page 15: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/15.jpg)
Example -- StartExample -- Start
Requester: Alice Provider: Medical Supply (MedSup)
![Page 16: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/16.jpg)
Example -- 3% progressExample -- 3% progress
![Page 17: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/17.jpg)
Example -- 16% Example -- 16% progressprogress
![Page 18: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/18.jpg)
Example -- 19% Example -- 19% progressprogress
![Page 19: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/19.jpg)
Example -- 23% Example -- 23% progressprogress
![Page 20: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/20.jpg)
Example -- 29% Example -- 29% progressprogress
![Page 21: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/21.jpg)
Example -- 42% Example -- 42% progressprogress
![Page 22: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/22.jpg)
Example -- 45% Example -- 45% progressprogress
![Page 23: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/23.jpg)
Example -- 52% Example -- 52% progressprogress
![Page 24: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/24.jpg)
Example -- 61% Example -- 61% progressprogress
![Page 25: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/25.jpg)
Example -- 71% Example -- 71% progressprogress
![Page 26: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/26.jpg)
Example -- 77% Example -- 77% progressprogress
![Page 27: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/27.jpg)
Example -- 74% Example -- 74% progressprogress
![Page 28: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/28.jpg)
Example -- 84% Example -- 84% progressprogress
![Page 29: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/29.jpg)
Example -- 97% Example -- 97% progressprogress
![Page 30: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/30.jpg)
Example -- 100% Example -- 100% progressprogress
![Page 31: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/31.jpg)
Related WorkRelated Work Graph drawing systemsGraph drawing systems
– Grappa [Barghouti, Mocenigo, Lee. GD ‘97] – GraphViz [Ellson, Gansner, Koutsofios, North, Woodhull
et al] Visualization of protocols
– [Hall, Moore, Pratt, Leslie. SIGCOMM Workshop ‘03]– [Zhao, Mayo. ICEE ’02]– [Koch, Parisi-Presicce. FASE ‘03]
Trust negotiationTrust negotiation– [Winsborough, Seamons, Jones. DISCEX’00][Winsborough, Seamons, Jones. DISCEX’00]– [Yu, Ma, Winslett. CCS’00] [Yu, Ma, Winslett. CCS’00] – [Winsborough, Li. POLICY ’02][Winsborough, Li. POLICY ’02]– [Li, Du, Boneh ‘03][Li, Du, Boneh ‘03]
Combination of visualization and automated protocols– Anomaly detection [Anomaly detection [Teoh, Zhang, Tseng, Ma, Wu.
VizSEC/DMSEC ‘04]]– Mining Mining geo-spatial datasets [Keim, Panse, Sips, North. CG
‘04]
![Page 32: Visualization of Automated Trust Negotiation](https://reader036.fdocuments.net/reader036/viewer/2022062315/568158ce550346895dc61767/html5/thumbnails/32.jpg)
Conclusions and future Conclusions and future workwork
We have described the architecture and data We have described the architecture and data model of an interactive visualization framework model of an interactive visualization framework for ATNfor ATN
We have presented a prototype of our ATN We have presented a prototype of our ATN visualization frameworkvisualization framework
Grappa and GraphViz are suitable tools for Grappa and GraphViz are suitable tools for drawing trust target graphs in ATNdrawing trust target graphs in ATN
For future work, we plan to bring more For future work, we plan to bring more interactive components into the implementationinteractive components into the implementation– Provide more interactive explanations of texts inside Provide more interactive explanations of texts inside
TTG nodesTTG nodes– Visualization and modification of negotiation strategiesVisualization and modification of negotiation strategies