The Role of Trust Management in Distributed Systems. Authors: Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis. Presented by Akshay Gupte.

The Role of Trust Management in Distributed Systems. Authors: Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis. Presented by Akshay Gupte, Dept. of Computer Science, Kent State University.

Design of a Distributed Operating System. A distributed OS provides the essential services and functionality required of any OS, adding attributes and particular configurations that allow it to support increased scale and availability. Its kernel, known as a microkernel, supports only a minimal set of functions, such as low-level address space management, thread management, and inter-process communication (IPC).

Access Control Lists. An ACL is a list of permissions attached to an object, i.e. it defines what kind of access is granted for a specific operation. ACLs are commonly used in operating systems as a security mechanism. However, they are inadequate for distributed systems, even though they are still used there.

Authentication. In a distributed system, some form of authentication must be provided before access can be granted. Usernames and passwords help accomplish this, but they can be overcome easily, destroying the security and leaving the system vulnerable.

Delegation. Delegation is necessary for the scalability of a system and helps in decentralizing administrative tasks. Security mechanisms usually delegate to a certified entity, and authorizations are specified only at the highest level, in the form of an ACL. But high-level administrative authorities cannot directly specify the overall security policy; they can only certify lower-level authorities, which leaves the system inconsistent.

Expressibility and Extensibility. A generic security mechanism must handle new and diverse conditions and restrictions. An ACL is inadequate and insufficient to do so, so these new security policies often have to be coded into applications. As a result, renewing or changing security policies requires reconfiguring, rebuilding or even rewriting applications.

Local Trust Policy. There can be many administrative entities in a distributed system, and the trust these entities place in different users and entities may differ. This implies that there must not be an implicit, uniform policy in a distributed system, which ACLs cannot support.

Trust Management. This model is the solution to all the previously mentioned problems in the security of distributed systems. It was introduced by Matt Blaze in 1996. It is a unified approach to specifying and interpreting security policies and credentials, which helps in directly authorizing security-critical actions.

Components of a Trust Management System:
- A language for describing actions, which are operations with security consequences that are to be controlled by the system.
- A mechanism for identifying principals, which are entities that can be authorized to perform actions.
- A language for specifying application policies, which govern the actions that principals are authorized to perform.
- A language for specifying credentials, which allow principals to delegate authorization to other principals.
- A compliance checker, which provides a service to applications for determining how an action requested by principals should be handled, given a policy and a set of credentials.

Questions that need answering when designing a Trust Management System:
- How should proof of compliance be defined?
- Should policies and credentials be fully or partially programmable?
- In which language or notation should they be expressed?
- How should responsibility be divided between the trust management engine and the calling application?

Example: PolicyMaker. Its credentials and policies (together known as assertions) are fully programmable. For the engine to make a decision, the input supplied to it by the calling application must contain one or more policy assertions. Credentials can be written in any programming language. The goal of PolicyMaker is to keep the trust management engine minimal and analyzable.

Example: PolicyMaker. The proof of compliance is fully specified and analyzed. Its runtime system provides an environment in which the assertions fed to it by the calling application can cooperate to produce (or fail to produce) a proof that the request complies with the policy.

Decisions. PolicyMaker must make the following decisions:
- In which order the assertions should be run
- How many times each assertion should be run
- When an assertion should be discarded because it is behaving in a non-cooperative manner

Pseudo code for the Compliance Checking Algorithm

Example: KeyNote. KeyNote is designed on the same principles as PolicyMaker but gives more responsibility to the trust management engine than to the calling application. Its credentials must be written in a specific assertion language that works smoothly with its compliance checker.

Sample KeyNote Assertion
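Neither the pseudocode slide nor the sample assertion survived the transcript. As an added illustration, not the paper's or the presenter's code, here is a small Python model of the compliance check the slides describe: assertions in a KeyNote-like authorizer/licensees/condition form, rerun in rounds until a fixpoint as PolicyMaker does, with a cap on rounds and discarding of an assertion that misbehaves. All principal names and the sample policy are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Action = Dict[str, str]   # attribute/value pairs describing the requested action
POLICY = "POLICY"         # the local root of trust, named as KeyNote names it

@dataclass(frozen=True)
class Assertion:
    """authorizer delegates to licensees for actions satisfying cond (arbitrary
    code, as PolicyMaker permits). Policy assertions have authorizer POLICY."""
    authorizer: str
    licensees: FrozenSet[str]
    cond: Callable[[Action], bool]

def check_compliance(policy: List[Assertion], credentials: List[Assertion],
                     requester: str, action: Action, max_rounds: int = 10):
    """Rerun assertions in rounds until no new principal is approved (the
    PolicyMaker fixpoint); max_rounds bounds how often each assertion runs,
    and an assertion that raises is discarded as non-cooperative."""
    assertions = list(policy) + list(credentials)
    approved: Set[str] = {POLICY}        # principals reachable from POLICY so far
    trace: List[str] = []
    for _ in range(max_rounds):
        newly: Set[str] = set()
        for a in list(assertions):
            try:
                fires = a.authorizer in approved and a.cond(action)
            except Exception as exc:     # misbehaving assertion: drop it, go on
                assertions.remove(a)
                trace.append(f"discarded assertion by {a.authorizer}: {exc!r}")
                continue
            if fires:
                newly |= a.licensees - approved
        if not newly:
            break                        # fixpoint reached
        approved |= newly
    return requester in approved, trace
# Constructed sample: POLICY trusts a CA key for the active-router domain, and
# the CA lets alice load code only under a CPU limit (a resource limit).
SAMPLE_POLICY = [Assertion(POLICY, frozenset({"ca_key"}),
                           lambda act: act["app_domain"] == "active_router")]
SAMPLE_CREDS = [
    Assertion("ca_key", frozenset({"alice_key"}), lambda act:
              act["operation"] == "load_code" and int(act["cpu_ms"]) <= 10),
    Assertion("ca_key", frozenset({"mallory_key"}),
              lambda act: act["nonexistent"] == "x"),   # KeyError: gets discarded
]

def decide(requester: str, cpu_ms: str) -> Tuple[bool, List[str]]:
    act = {"app_domain": "active_router", "operation": "load_code", "cpu_ms": cpu_ms}
    return check_compliance(SAMPLE_POLICY, SAMPLE_CREDS, requester, act)
```

The decision depends only on the delegation chain from POLICY and the action's attributes, so the calling application never has to interpret credentials itself.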

Applications of Trust Management Engines. 1. Active Networks: Trust Management Systems are used for the following:
- Authorize principals to load code on active routers
- Set resource limits
- Establish fine-grained control over what actions a switch may take on the active node
- Notify nodes behind the firewall that a particular piece of active code should or should not perform a specific action

Applications of Trust Management Engines. 2. Mobile Code Security: Trust Management engines are used here for the following reasons:
- To express trust relations between code-certifying entities and the conditions under which their certification has meaning
- Credentials are used to describe the minimal set of capabilities the host environment must grant to enable the code to perform its tasks

Applications of Trust Management Engines. 3. Access Control Distribution:
- Trust Management involves the distribution of traditional ACL databases
- Architectures based on a Trust Management system can be easily extended if it becomes necessary to base access decisions on more complex rules
- A Trust Management system decouples the specification of access control policies from the mechanism used to distribute and implement them

References
M. Blaze, J. Feigenbaum, J. Ioannidis, A. Keromytis. The KeyNote Trust Management System. June 1998.
M. Blaze, J. Feigenbaum, J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy.
M. Blaze, J. Feigenbaum, M. Strauss. Compliance Checking in the PolicyMaker Trust Management System. In Proc. of Financial Cryptography 98, Lecture Notes in Computer Science vol. 1465, Springer, Berlin.
/Distributed_operating_system