Trust negotiation is a process that establishes mutual trust by the exchange of digital credentials and/or guiding policies among entities who may have no pre-existing knowledge about each other. Motivated by the desire to disclose as little sensitive information as possible in practice, this paper investigates the problem of minimizing the “cost” of the credentials exchanged during a trust-negotiation protocol. A credential or a policy is assigned a weighted cost, referred to as its sensitivity cost. We formalize an optimization problem, namely the Minimum Sensitivity Cost problem, whose objective is to minimize the total sensitivity costs of the credentials and policies disclosed by a trust-negotiation protocol. We study the complexity of the Minimal Sensitivity Cost problem and propose algorithms to solve the problem efficiently, in both cases when policies are cost-sensitive and cost-insensitive. A simple Finite State Machine model of trust-negotiation protocols is presented ...
Weifeng Chen, L. Clarke, James F. Kurose, Donald F