Visualization of Automated Trust Negotiation

1
Visualization of Automated Trust Negotiation

• Danfeng Yao Michael Shin
• Brown University Goldman
  Sachs Inc.
• Roberto Tamassia
  William H. Winsborough
• Brown University University of Texas,
  San Antonio

Supported in part by NSF grants CCF0311510,
IIS0324846, CNS0303577 and CNS-0325951
2
Overview

• Introduction to two-party automated trust
  negotiation (ATN)
• Trust target graph (TTG)
• Design of the visualization framework
• Prototype implementation
• Example of a visualization session
• Demo of our visualization program

3
Monitoring the release of sensitive credentials

• Accessing protected resources requires releasing
  digital credentials
• Credentials may be sensitive
• Need to control the release of digital
  credentials
• Trust Negotiation is an incremental, bilateral
  exchange of credentials and policies between
  resource owner and requester
• Visualization of automated trust negotiation
• Gives teaching and learning support for ATN users
  
• Enables users to visually examine the ATN process
• The combination of interactive visualization and
  ATN improves the security of protected resources
• We demonstrate that Grappa and GraphViz (ATT)
  are suitable graph drawing systems for
  visualizing ATN

4
(No Transcript)
5
A simple trust negotiation example
Request for discount
Alice
6
A general trust negotiation Protocol
Request for resource
Alice
7
Trust target graph

• Trust target graph (TTG) is a directed graph
  representing the state of negotiation
  Winsborough Li 02
• The negotiation succeeds when the primary trust
  target is satisfied
• Fails when the primary target cannot be
  satisfied, or when neither negotiator changes the
  graph
• TTG can have cycles and be non-planar
• Construction of TTG
• Each negotiator keeps a local copy of TTG
• Nodes are trust targets
• lt Amazon Amazon.discount ?? Alice gt
• The state of a node unknown, satisified, or
  unsatisfied
• Edges represent implication and control
  relationships
• Satisfied states propagate along the edges
• Negotiators take turns extending the TTG by
  adding new edges and nodes to the current graph
• At the beginning TTG contains only the primary
  trust target
• The new TTG is a supergraph of the previous one
• Associated credentials or policies are
  transmitted

8
TTG construction of the example
Amazon Amazon.discount ? Alice
9
Components of our ATN visualization framework
10
Prototype implementation

• The visualizer displays the construction of TTG
  for negotiators
• Uses Grappa system Barghouti, Mocenigo, Lee. GD
  97, a Java port of GraphViz system Ellson,
  Gansner, Koutsofios, North, Woodhull et al for
  graph drawing
• Layout provided by dot in GraphViz
• The upward drawing heuristics and hierarchical
  (layered) drawing features are suitable for
  drawing directed graphs such as TTGs
• Layout algorithms try to avoid edge crossings and
  reduce edge length
• Colors and shapes of nodes and edges represent
  different types in TTG and can be customized
• Displays local credentials, remote credentials,
  and policies

11
(No Transcript)
12
Edge types
13
Demo of a visualization session

• Requester Alice
• Works at purchase department in Medix Fund
  (MedixFund.purchasingA)
• She considers this credential sensitive
• Resource owner Medical Supply Company (MedSup)
• A member of ReliefNet (ReliefNet.member)
• Requested resource Discount from MedSup
• MedSup.discount
• Delegation credentials transfer privileges
  between roles
• Role provisioner at ReliefNet is delegated to
  MedixFund.purchasingA
• cPartner at Medix Fund is delegated to
  ReliefNet.member
• Discount is given to provisioner at ReliefNet

14
ATN-Vis Demo
15
Example -- Start
Requester Alice
Provider Medical Supply (MedSup)
16
Example -- 3 progress
17
Example -- 16 progress
18
Example -- 19 progress
19
Example -- 23 progress
20
Example -- 29 progress
21
Example -- 42 progress
22
Example -- 45 progress
23
Example -- 52 progress
24
Example -- 61 progress
25
Example -- 71 progress
26
Example -- 77 progress
27
Example -- 74 progress
28
Example -- 84 progress
29
Example -- 97 progress
30
Example -- 100 progress
31
Related Work

• Graph drawing systems
• Grappa Barghouti, Mocenigo, Lee. GD 97
• GraphViz Ellson, Gansner, Koutsofios, North,
  Woodhull et al
• Visualization of protocols
• Hall, Moore, Pratt, Leslie. SIGCOMM Workshop
  03
• Zhao, Mayo. ICEE 02
• Koch, Parisi-Presicce. FASE 03
• Trust negotiation
• Winsborough, Seamons, Jones. DISCEX00
• Yu, Ma, Winslett. CCS00
• Winsborough, Li. POLICY 02
• Li, Du, Boneh 03
• Combination of visualization and automated
  protocols
• Anomaly detection Teoh, Zhang, Tseng, Ma, Wu.
  VizSEC/DMSEC 04
• Mining geo-spatial datasets Keim, Panse, Sips,
  North. CG 04

32
Conclusions and future work

• We have described the architecture and data model
  of an interactive visualization framework for ATN
• We have presented a prototype of our ATN
  visualization framework
• Grappa and GraphViz are suitable tools for
  drawing trust target graphs in ATN
• For future work, we plan to bring more
  interactive components into the implementation
• Provide more interactive explanations of texts
  inside TTG nodes
• Visualization and modification of negotiation
  strategies