    Type Dependent Policy Language

    Remote attestation is the act of making trust decisions about a communicating party. During this process, an appraiser asks a target to execute an attestation protocol that generates and returns evidence. The appraiser can then make claims about the target by evaluating the evidence. Copland is a formally specified, executable language for representing attestation protocols. We introduce Copland-centered negotiation as a prerequisite to attestation, used to find a protocol that meets the target's need for constrained disclosure and the appraiser's desire for comprehensive information. Negotiation begins when the appraiser sends a request, a Copland phrase, to the target. The target gathers all protocols that satisfy the request and then, using its privacy policy, can filter out the phrases that expose sensitive information. The target sends these phrases to the appraiser as a proposal. The appraiser then chooses the best phrase for attestation, based on situational requirements embodied in a selection function. Our focus is statically ensuring that the target does not share sensitive information through terms in the proposal, meeting its need for constrained disclosure. To accomplish this, we realize two independent implementations of the privacy and selection policies, using indexed types and subset types. With indexed types, the policy check is accomplished by indexing the term grammar with the type of evidence the term produces; this statically ensures that terms written in the language satisfy the privacy policy criteria. With the subset type, we statically limit the collection of terms to those that satisfy the privacy policy. This type abides by the rules of set comprehension to build a set such that all elements of the set satisfy the privacy policy.
    Combining our ideas for a dependently typed privacy policy and negotiation, we give the target the chance to suggest a term or terms for attestation that fit the appraiser's needs while not disclosing sensitive information.