Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M.

Published byLiliana Rogers Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M."— Presentation transcript:

1 Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M. Blaze, J. Feigenbaum, J. Lacy, IEEE Symposium on Security and Privacy, pp. 164-173, 1996. http://ieeexplore.ieee.org/iel3/3742/10940/00502679.pdf

2 Summary Identify Trust Management as a distinct and important component in network security Identify Trust Management as a distinct and important component in network security Review of 2 existing systems Review of 2 existing systems Present a new comprehensive approach to this problem Present a new comprehensive approach to this problem Describe a prototype (PolicyMaker) which implements this new approach Describe a prototype (PolicyMaker) which implements this new approach

3 What is Trust Management? Policy (a banking system requires at least k officers to approve a loan of $10,000) Policy (a banking system requires at least k officers to approve a loan of $10,000) Credentials (enable an employee to prove he can be counted as 1 out of k approvers) Credentials (enable an employee to prove he can be counted as 1 out of k approvers) Trust (enable the bank to specify who may issue such credentials) Trust (enable the bank to specify who may issue such credentials) Public Key

4 Principles of our approach Unified mechanism Unified mechanism A common language is provided for policies, credentials, and relationshipsA common language is provided for policies, credentials, and relationships Flexibility Flexibility The system is rich enough to support potentially complex relationships in large networksThe system is rich enough to support potentially complex relationships in large networks Locality of control Locality of control Each party in the network can independently decide whether to accept the credentials presentedEach party in the network can independently decide whether to accept the credentials presented Separation of mechanism from policy Separation of mechanism from policy The mechanisms for verification does not depend on the credentials themselvesThe mechanisms for verification does not depend on the credentials themselves

5 Review of Existing Systems What are some potential issues with this system? PGP framework uses “ key certificates” in which trusted third parties (C, D) signs copies of a public key to be distributed PGP framework uses “ key certificates” in which trusted third parties (C, D) signs copies of a public key to be distributed X.509 framework uses a similar system, but also postulates that public keys are only obtained from official “certifying authorities” (C, D) X.509 framework uses a similar system, but also postulates that public keys are only obtained from official “certifying authorities” (C, D) Specify trust Public Key signed by C Public Key signed by D Etc … B accepts Public Key if its trust value is high enough

6 PolicyMaker Approach 1 Obtain certificates, verify signatures on certificates and on application request, determine public key of original signer(s) 2 Verify that certificates are unrevoked 3 Find “trust path” from trusted certifier to certificate of public key in question 4 Extract names from certificates 5 Lookup names in database that maps names to the actions that they are trusted to perform 6 Determine whether requested action is legal, based on the names extracted from certificates and whether the certification authorities are permitted to authorize such actions according to local policy. 7 Proceed if everything appears valid PolicyMakerSubmit request, certificates, and description of local policy to local “trust management engine”

7 The PolicyMaker System What are some potential issues with this system? An independent trust management engine to be used either as a linked library (within systems) or daemon (background application) An independent trust management engine to be used either as a linked library (within systems) or daemon (background application) Called using action query strings Called using action query strings Extendable to allow for external verification of signatures Extendable to allow for external verification of signatures

8 Comments The idea behind this paper is good The idea behind this paper is good Encapsulation of trust managementEncapsulation of trust management Better security provided by consolidated systemBetter security provided by consolidated system The idea presented is more difficult to implement The idea presented is more difficult to implement Dedicated trust management engine and parser is more difficult to implement than certificate based systemDedicated trust management engine and parser is more difficult to implement than certificate based system Only applicable to large commercial applicationsOnly applicable to large commercial applications Protype is already made. Protype is already made.Questions?

Download ppt "Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
OWASP Secure Coding Practices Quick Reference Guide

OWASP Secure Coding Practices Quick Reference Guide
ETen E-Poll ID – Strasbourg COE meeting 23-24 November, 2006 Slide 1 E-TEN 29332 E-POLL Project Electronic Polling System for Remote Operation Strasbourg.

ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
REFEREE: Trust Management for Web Applications Yang-hua Chu (MIT/W3C) Joint Work with Joan Feigenbaum (AT&T Labs) Brian LaMacchia (AT&T Labs) Paul Resnick.

REFEREE: Trust Management for Web Applications Yang-hua Chu (MIT/W3C) Joint Work with Joan Feigenbaum (AT&T Labs) Brian LaMacchia (AT&T Labs) Paul Resnick.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
DIGITAL SIGNATURE AND ELECTRONIC DOCUMENTS IN ITALY Prof. Pierluigi Ridolfi AIPA Authority for Information Technology in the Public Administration V. Solferino,

DIGITAL SIGNATURE AND ELECTRONIC DOCUMENTS IN ITALY Prof. Pierluigi Ridolfi AIPA Authority for Information Technology in the Public Administration V. Solferino,
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
7M701 1 Software Engineering Object-oriented Design Sommerville, Ian (2001) Software Engineering, 6 th edition: Chapter 12 )

7M701 1 Software Engineering Object-oriented Design Sommerville, Ian (2001) Software Engineering, 6 th edition: Chapter 12 )

Similar presentations

Ads by Google