2026-04-27 | agents, infra, code

SUDP: Secret-Use Delegation Protocol for Agentic Systems

Xiaohang Yu, Hejia Geng, Xinmeng Zeng, William Knottenbelt

Key claim

SUDP prevents reusable authority from crossing requester boundaries.

The paper addresses the security risks associated with agentic systems using user secrets by formalizing the Agent Secret Use (ASU) problem. It proposes the Secret-Use Delegation Protocol (SUDP), which allows secure operations without granting reusable authority to untrusted requesters. This approach ensures that user-authorized actions are performed safely and effectively.

Novelty
8.0/10

The paper introduces a new protocol for secure agent operations involving user secrets.

Reliability
8.0/10

The proposed protocol is backed by formal definitions and a reference implementation.

Deep reliability assessment

The methodology supports the formalization of the Agent Secret Use problem and the proposed SUDP protocol, but claims of comprehensive security guarantees may be overstated without extensive real-world testing. The theoretical framework is robust, yet practical implementations may reveal unforeseen vulnerabilities.

Reproducibility

Yes. A reference implementation is available at https://github.com/xhyumiracle/sudp

Discussion questions

  1. What assumptions about user behavior and trust in custodians are critical to the success of SUDP?
  2. How can builders ensure that the integration of SUDP does not introduce new vulnerabilities in existing systems?
  3. What specific scenarios or attacks would demonstrate the failure of SUDP's security properties?

Key figure

Figure 1 illustrates the roles and interactions in the SUDP protocol, highlighting the flow of authorization and secret use between the requester, authorizer, custodian, and external environment.
