DAIS: The Database and Information Systems Laboratory at The University of Illinois at Urbana-Champaign UIUC Department of Computer Science University of Illinois at Urbana-Champaign
Trust Management and Compliance Storage at UIUC

TrustBuilder Overview

In open distributed systems, resources are shared across organizational boundaries, so traditional identity-based access control lists (ACLs) are not a viable way to protect them: the set of authorized users may not be known a priori. The TrustBuilder project is investigating trust negotiation, an attribute-based access control (ABAC) model in which parties conduct bilateral and iterative exchanges of policies and certified attributes to negotiate for access to system resources including services, roles, capabilities, personal credentials, and sensitive system policies. The steps below illustrate a simple trust negotiation between Bob's service and a previously unknown user, Alice. Upon requesting access to Bob's server, Alice is provided with the policy guarding this service, which states that she must disclose a Visa card credential so that she can be billed for her service usage. Alice has this credential, but is only willing to show it to members of the Better Business Bureau (BBB), so she sends Bob a policy to this effect. Bob then discloses his BBB credential to Alice along with a proof of ownership. Alice is then satisfied that Bob belongs to the BBB, so she discloses her credit card and is granted access to Bob's service.

Step 1: Alice requests a service from Bob.
Step 2: Bob discloses his policy for the service.
Step 3: Alice discloses her policy for her VISA card.
Step 4: Bob discloses his BBB credential.
Step 5: Alice discloses her VISA card credential.
Step 6: Bob grants access to the service.
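
The six-step exchange above can be traced with a small simulation. This is an added example, not code from the TrustBuilder project; the Party class and negotiate function are hypothetical names. It assumes a policy is simply the set of credential names the peer must already have disclosed, and it omits signature checks and proof of ownership.

```python
# Added illustration, not TrustBuilder code. A policy is simplified to the set
# of credential names the peer must already have disclosed; signature checks
# and proof of ownership are omitted.

class Party:
    def __init__(self, name, credentials):
        self.name = name
        self.credentials = credentials  # credential -> release policy (set)
        self.disclosed = set()          # credentials shown to the peer so far


def negotiate(client, server, resource_policy):
    """Run a bilateral negotiation; return (granted, transcript)."""
    log = [f"{client.name} requests service",
           f"{server.name} discloses policy for service: {sorted(resource_policy)}"]
    asked = {client: set(resource_policy), server: set()}  # requested of each side
    peer = {client: server, server: client}
    turn, idle = client, 0
    while idle < 2:  # stop once both sides pass in a row (no progress possible)
        other, progress = peer[turn], False
        for cred in sorted(asked[turn] - turn.disclosed):
            policy = turn.credentials.get(cred)
            if policy is None:
                continue  # this party does not hold the requested credential
            if policy <= other.disclosed:      # release policy satisfied
                turn.disclosed.add(cred)
                log.append(f"{turn.name} discloses credential {cred}")
                progress = True
            elif not policy <= asked[other]:   # counter-request, sent only once
                asked[other] |= policy
                log.append(f"{turn.name} discloses policy for {cred}: {sorted(policy)}")
                progress = True
        if resource_policy <= client.disclosed:
            log.append(f"{server.name} grants access")
            return True, log
        idle = 0 if progress else idle + 1
        turn = other
    return False, log


def demo():
    # Constructed parties mirroring the Alice/Bob scenario above.
    alice = Party("Alice", {"Visa": {"BBB"}})   # Visa shown only to BBB members
    bob = Party("Bob", {"BBB": set()})          # BBB membership freely disclosable
    return negotiate(alice, bob, {"Visa"})


if __name__ == "__main__":
    granted, transcript = demo()
    print("\n".join(transcript))
```

If Bob's BBB credential were itself guarded by a policy requiring Alice's Visa card, the two release policies would be cyclic; the loop then ends with access denied and neither credential disclosed.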

Research

The TrustBuilder project is an ongoing research effort that has contributed to both the theoretical foundations and the systems-level issues surrounding trust negotiation. Below, we highlight several key areas of research in the TrustBuilder project along with a list of representative publications for each area. A complete list of publications for this project can be found in the Trust Management and Compliance Storage group publications page. A general introduction to trust negotiation, targeted toward people without a background in security research, is also available as an article.

Theory

Systems

People

All e-mail addresses are in the cs.uiuc.edu domain.

Principal Investigator: Marianne Winslett

Primary Student Contact: Adam J. Lee (adamlee)

Postdoctoral Associates:

Graduate Students:

Alumni:

Software

Links of Interest

Internet Security Research Lab at BYU
