DECENTRALIZED TRUST MANAGEMENT
M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy, pages 164-173. IEEE Computer Society Press, Los Alamitos, 1996.
Presenter: Tony Wu
PolicyMaker
• This paper introduced the first example of a “trust-management engine”, which is called PolicyMaker.
• The old mechanism is like this: Traditional public key certificate → (information found on certificate) → Name/Identity → (external lookup) → Authorization
• The PolicyMaker’s approach is like this: Trust management credential → (information found on credential) → Authorization
Appreciation
• “...The problem of reliably mapping names to the actions they are trusted to perform can represent as much of a security risk as the problem of mapping public keys to names, yet the certificates do not help the application map names to actions...”
• Novelty: the trust management problem had not previously been identified as a general problem and studied in its own right.
• Usability: Secure email system. Anonymous electronic voting system.
• Non-obvious: The PolicyMaker engine is very complex. There are lots of mathematical details for the compliance checking.
Criticism (1)
• “...PolicyMaker departs sharply from certificate-based security systems centred on the binding of identities to keys in that it allows requesters of secure services to prove directly that they hold credentials that authorize them to use those services...”
• The authors didn’t provide any comprehensive diagrams to show the idea.
Existing Approach
[Diagram: User, Authenticator, Authoriser; flows labelled Requests, UserID, Yes/No]
PolicyMaker’s Architecture
[Diagram: User, Verifier, PolicyMaker Engine, Local Policy; flows labelled Query, Yes/No]
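The query-to-yes/no flow in the architecture above, as an added toy example (not PolicyMaker's own assertion language or code): each credential binds a key directly to what it may do, and the engine looks for a delegation chain from local policy to the requesting key. The names `Assertion`, `complies`, `po`, `is_po` and the `key_*` identifiers are hypothetical, and signatures are assumed to have been verified by the calling application.

```python
from collections import namedtuple

# Toy credential: `issuer` authorizes key `subject` for every action that
# `accepts` returns True for. Issuer POLICY is the verifier's local policy.
Assertion = namedtuple("Assertion", "issuer subject accepts")
POLICY = "POLICY"

def complies(assertions, requester, action):
    """True if a chain POLICY -> ... -> requester exists in which every
    assertion on the chain accepts `action`."""
    trusted, frontier = {POLICY}, [POLICY]
    while frontier:
        issuer = frontier.pop()
        for a in assertions:
            if a.issuer != issuer or a.subject in trusted:
                continue  # wrong issuer, or already reached (breaks cycles)
            if not a.accepts(action):
                continue  # this link does not cover the requested action
            if a.subject == requester:
                return True
            trusted.add(a.subject)
            frontier.append(a.subject)
    return False

def po(amount):
    """Constructed action description: sign a purchase order."""
    return {"op": "sign_po", "amount": amount}

def is_po(limit=None):
    """Filter: purchase orders, optionally only those below `limit`."""
    return lambda act: act["op"] == "sign_po" and (limit is None or act["amount"] < limit)

# Constructed sample credentials; signatures are assumed already verified
# by the calling application before they reach the engine.
SAMPLE = [
    Assertion(POLICY, "key_cfo", is_po()),
    Assertion("key_cfo", "key_mgr", is_po(500)),
    Assertion("key_mgr", "key_clerk", is_po(100)),
    Assertion("key_mgr", "key_cfo", is_po()),      # cycle back to the CFO
    Assertion("key_eve", "key_eve2", is_po()),     # not rooted in local policy
]

if __name__ == "__main__":
    for key, amount in [("key_mgr", 400), ("key_mgr", 900), ("key_clerk", 400), ("key_eve2", 1)]:
        print(key, amount, "yes" if complies(SAMPLE, key, po(amount)) else "no")
```

No name lookup happens anywhere: the answer depends only on the requesting key, the action, and the credentials that chain back to local policy.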
Criticism (2)
• PolicyMaker is unable to handle dynamic forms of trust.
• Systems change and evolve, so there is a need to monitor trust relationships to determine whether the criteria on which they are based still apply. This could also involve keeping track of the activities of the trustee and determining the necessary action when the trustee violates the trustor’s trust.
• It should cover monitoring and re-evaluation of trust.
Questions for us
• Where should the boundaries be drawn between a trust-management system and the application that uses it? For example, should credential-fetching and digital signature verification be the responsibility of the trust-management system or the calling application?