1 / 8

Computer Science 725 – Software Security Presentation

Computer Science 725 – Software Security Presentation. “ Decentralized Trust Management ” M. Blaze, J. Feigenbaum, J. Lacy, IEEE Symposium on Security and Privacy, pp. 164-173, 1996. http://ieeexplore.ieee.org/iel3/3742/10940/00502679.pdf. Summary.

tasha-chase
Download Presentation

Computer Science 725 – Software Security Presentation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Science 725 – Software Security Presentation “Decentralized Trust Management” M. Blaze, J. Feigenbaum, J. Lacy, IEEE Symposium on Security and Privacy, pp. 164-173, 1996. http://ieeexplore.ieee.org/iel3/3742/10940/00502679.pdf

  2. Summary • Identify Trust Management as a distinct and important component in network security • Review of 2 existing systems • Present a new comprehensive approach to this problem • Describe a prototype (PolicyMaker) which implements this new approach

  3. Public Key Public Key What is Trust Management? ? • Policy (a banking system requires at least k officers to approve a loan of $10,000) • Credentials (enable an employee to prove he can be counted as 1 out of k approvers) • Trust (enable the bank to specify who may issue such credentials) C Public Key A B

  4. Principles of our approach • Unified mechanism • A common language is provided for policies, credentials, and relationships • Flexibility • The system is rich enough to support potentially complex relationships in large networks • Locality of control • Each party in the network can independently decide whether to accept the credentials presented • Separation of mechanism from policy • The mechanisms for verification does not depend on the credentials themselves

  5. Review of Existing Systems What are some potential issues with this system? • PGP framework uses “ key certificates” in which trusted third parties (C, D) signs copies of a public key to be distributed • X.509 framework uses a similar system, but also postulates that public keys are only obtained from official “certifying authorities” (C, D) C B accepts Public Key if its trust value is high enough Public Key signed by C A B Specify trust Public Key signed by D D Etc …

  6. PolicyMaker 3 4 5 6 PolicyMaker Approach • Obtain certificates, verify signatures on certificates and on application request, determine public key of original signer(s) • Verify that certificates are unrevoked • Find “trust path” from trusted certifier to certificate of public key in question • Extract names from certificates • Lookup names in database that maps names to the actions that they are trusted to perform • Determine whether requested action is legal, based on the names extracted from certificates and whether the certification authorities are permitted to authorize such actions according to local policy. • Proceed if everything appears valid PolicyMaker Submit request, certificates, and description of local policy to local “trust management engine” 1 2 7

  7. The PolicyMaker System What are some potential issues with this system? • An independent trust management engine to be used either as a linked library (within systems) or daemon (background application) • Called using action query strings • Extendable to allow for external verification of signatures

  8. Comments • The idea behind this paper is good • Encapsulation of trust management • Better security provided by consolidated system • The idea presented is more difficult to implement • Dedicated trust management engine and parser is more difficult to implement than certificate based system • Only applicable to large commercial applications • Protype is already made. Questions?

More Related