An Introduction to Decentralized Trust Management Sandro Etalle University of Twente thanks to William H. Winsborough – University of Texas S. Antonio.

Slides:

Advertisements

Similar presentations

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Advertisements

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

Decentralized Trust Management Sandro Etalle Jerry den Hartog.

Rule based Trust management using RT - second lecture Sandro Etalle thanks to Ninghui Li - Purdue William H. Winsborough – University of Texas S. Antonio.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.

Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.

Trust Management II Anupam Datta Fall A: Foundations of Security and Privacy.

Using Digital Credentials On The World-Wide Web M. Winslett.

11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

RETSINA: A Distributed Multi-Agent Infrastructure for Information Gathering and Decision Support The Robotics Institute Carnegie Mellon University PI:

First Practice - Information Security Management System Implementation and ISO Certification.

IT Security Challenges In Higher Education Steve Schuster Cornell University.

Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Role-based Trust Management Security Policy Analysis and Correction Environment (RT-SPACE). Gregory T. Hoffer CS7323 – Research Seminar (Dr. Qi Tian)

Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.

1 Role-Based Cascaded Delegation: A Decentralized Delegation Model for Roles Roberto Tamassia Danfeng Yao William H. Winsborough Brown University Brown.

CS590U Access Control: Theory and Practice Lecture 21 (April 11) Distributed Credential Chain Discovery in Trust Management.

Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.

TRUST NEGOTIATION IN ONLINE BUSINESS TRANSACTIONS BY CHANDRAKANTH REDDY.

MITREMITRE Coalition Security Policy Language Project 11 December 2000.

© Synergetics Portfolio Security Aspecten.

Rule based Trust management using RT Sandro Etalle thanks to Ninghui Li - Purdue William H. Winsborough – University of Texas S. Antonio. The DTM team.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

POLIPO: Policies & OntoLogies for Interoperability, Portability, and autOnomy Daniel Trivellato.

Rule based Trust management using RT – third lecture Sandro Etalle University of Twente & Eindhoven thanks to Ninghui Li - Purdue William H. Winsborough.

Confidentiality-preserving Proof Theories for Distributed Proof Systems Kazuhiro Minami National Institute of Informatics FAIS 2011.

Access Control for Federation of Emulab-based Network Testbeds Ted Faber, John Wroclawski 28 July 2008

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Lightweight Consistency Enforcement Schemes for Distributed Proofs with Hidden Subtrees Adam J. Lee, Kazuhiro Minami, and Marianne Winslett University.

Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos Caicedo.

PEP Similarity Credential Repository Gossip protocol Access request Credential request Reputation-based Similarity Evaluator AC Policy Request Decision.

22/01/2004Daniel Olmedilla1 INTEGRATING PROLOG IN TRUST NEGOTIATION Software Project / Summer Semester /04/2004 Daniel Olmedilla L3S / University.

University of British Columbia Towards Web 2.0 Content Sharing Beyond Walled Gardens San-Tsai Sun Supervisor: Kosta Beznosov Laboratory for Education and.

Visualization of Automated Trust Negotiation Danfeng Yao Michael Shin Danfeng Yao Michael Shin Brown University Goldman Sachs Inc. Brown University Goldman.

CSIIR Workshop March 14-15, Privilege and Policy Management for Cyber Infrastructures Dennis Kafura Markus Lorch Support provided by: Commonwealth.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies September 7, 2010.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Automatic Trust Negotiation Rajesh Gangam

A Quantitative Trust Model for Negotiating Agents A Quantitative Trust Model for Negotiating Agents Jamal Bentahar, John Jules Ch. Meyer Concordia University.

Introduction to Access Control and Trust Management Daniel Trivellato.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Computer Science and Engineering 1 Mobile Computing and Security.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Rule based Trust management using RT – third lecture Sandro Etalle University of Twente & Eindhoven thanks to Ninghui Li - Purdue William H. Winsborough.

Policy-Based Dynamic Negotiation for Grid Services Authorization Ionut Constandache, Daniel Olmedilla, Wolfgang Nejdl Semantic Web Policy Workshop, ISWC’05.

Newcastle uopn Tyne, September 2002 V. Ghini, G. Lodi, N. Mezzetti, F. Panzieri Department of Computer Science University of Bologna.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies June 2011.

1 Authorization Sec PAL: A Decentralized Authorization Language.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Secure Knowledge Management:

Anupam Joshi University of Maryland, Baltimore County Joint work with Tim Finin and several students Computational/Declarative Policies.

Decentralized Access Control: Overview Deepak Garg Foundations of Security and Privacy Fall 2009.

Talal H. Noor, Quan Z. Sheng, Lina Yao,

Kent Seamons Brigham Young University Marianne Winslett, Ting Yu

Building Trustworthy Semantic Webs

SECURITY MECHANISM & E-COMMERCE

CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION

Beyond Proof-of-compliance: Security Analysis in Trust Management

Identity and Trust Management Platform in DICOM

Protecting Privacy During On-line Trust Negotiation

Policy Language Requirements for Trust Negotiation

Presentation transcript:

An Introduction to Decentralized Trust Management Sandro Etalle University of Twente thanks to William H. Winsborough – University of Texas S. Antonio. The DTM team of the UT (Ha, Marcin, Jeroen Jerry)

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 2 Overview Reputation-based trust management Rule-based trust management Problems & Challenges (rule-based systems)  scalability & chain discovery  trust negotiation  integrity constraints Conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 3 Reputation-based TM concrete community of cooks (200 people) need to interact with someone you don’t know,  to extablish trust: you ask your friends  and friends of friends ... some recommendations are better than other you check the record (if any)  after success trust increases reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 4 Reputation-based TM virtual p2p community of hackers (2000 people)  exchange programs & scripts need to interact with someone you don’t know, ... difference with concrete community:  larger, faster trust establishment has to be to some extent automatic reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 5 for instance reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 6 challenges trust metrics  how to model and compute trust  evaluating initial trust value  combining evidences, recommendations, reputation management of reputation data  secure & efficient retrieval of reputation data automating trust based decision closing the circle: using experience as feedback reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 7 Reputation-based TM: salient features open system (different security domains) trust is a measure & changes in time risk-based recommendation based (NOT identity-based) peers are not continuously available Some systems:  PGP,  EigenTrust Algorithm (Stanford) reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 8 rule-based TM: concrete example reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 9 rule-based tm, virtual scalability reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 10 RT: a language for rule-based tm family of languages [Li, Mitchell, Winsborough] four types of credentials EPub.discount  Alice EPub.discount  UTwente.student EPub.discount  FAB.accredited.student EPub.discount  UTwente.student  UTwente.student principal role name principal.rolename = Role trusting principaltrusted principal (somewhere else: delegation) reputation-based TM – rule-based TM – problems & challenges - conclusions attribute-based delegation

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 11 some language requirements [Bertino] Monotonicity Constraints (omitted) Credential combination Sensitive Policies reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 12 Reputation vs rule based TM open system (different security domains) trust is a measure & changes in time risk-based recommendation based (NOT identity-based) peers are not continuously available Some systems: PGP TBD open system (different security domains) trust is boolean & less time- dependent no risk rule (credential) based (NOT identity-based) peers are not continuously available Some systems: keynote, Trust-X reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 13 Problem 1: scalability attribute-based delegation:  accepting student ID from any university EPub.discount  FAB.accred.student FAB.accredited  UnivTwente UnivTwente.student  Alice Credential chain proves authorization. Scalability problem reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 14 Problem 2: trust negotiations credentials can be confidential credential disclosure is a matter of... trust three strategies [Seamons]  Naive  Reasonable  Informed additional problem: what do you do with the info in a credential after it has been disclosed reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 15 Problem 3: control Policies change in time: P  P1 ...  Pn A principal controls only a portion of the policy Delegating trust implies an understanding between principals,  Trusted principals need assistance  Who could get access to what? (Safety)  Who could be denied? (Availability) “No-one should ever be both a buyer and an accountant”  Mutual Exclusion reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 16 Conclusions Context:  2 or more parties in an open system.  parties are not in the same security domain. Goal  establish trust between parties to exchange information and services (access control) Constraint  access control decision is made NOT according to the party identity BUT according to the credentials it has reputation-based TM – rule-based TM – problems & challenges - conclusions

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 17 Open problems Analysis  safety analysis we are now working with Spin in RT0, for RTC (with constraints) nothing is available  of negotiations protocols w.r.t. the TM goals. Integration with other systems  e.g. privacy protection location-dependent policies  ambient calculi? DRM Semantics is not correct when considering:  chain discovery  negotiations is not modular  certainly possible to improve this using previous work on omega-semantics. Types

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 18 Integrity Constraints: General Form General: L.l ⊒ R.r  Formally, L.l ⊒ R.r holds in P ( P ⊢ L.l ⊒ R.r) iff [[L.l]] P  [[R.r]] P  sets and intersections are allowed Special cases  Membership: A.r ⊒ { D 1, …, D n }  Boundedness: { D 1, …, D n } ⊒ A.r  expressiveness is limited (it is a universal formula) but we can express all safety properties of [LWM03]  counterexample: at least a manager should have access to the DB

IPA Herfstdagen SecurityEtalle: Decentralized Trust Management. 19 Examples buyers and accountants should be disjoint   ⊒ A.buyer  A.accountant every employee should have access to the WLAN network  WLAN.access ⊒ UT.employee welders of BOVAG-accredited workshops should be fellows of the British Institute of Welding Bovag.welder  Bovag.accr.welder Bovag.accr  PietersWorkshop PietersWorkshop.welder  Pieter  BIW.fellow ⊒ Bovag.welder