1 / 21

The Role of Trust Management in Distributed Systems

The Role of Trust Management in Distributed Systems . Authors Matt Blaze, John Feigenbaum , John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte Dept of Computer Science Kent State University. Design of a Distributed Operating System.

gordon
Download Presentation

The Role of Trust Management in Distributed Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By AkshayGupte Dept of Computer Science Kent State University

  2. Design of a Distributed Operating System • A distributed OS provides the essential services and functionality required of an OS, adding attributes and particular configurations to allow it to support increased scaling and availability. • The kernel known as microkernel supports a minimal set of functions, like low-level address space management, thread management, and inter-process communication (IPC).

  3. Access Control Lists • It is a list of permissions attached to an object i.e defines what kind of access is to be given to a specific operation. • Used commonly in Operating Systems as a security mechanism. • However they are inadequate for distributed systems even though they are used.

  4. Authentication • In a distributed system some form of authentication is to be provided before access can be granted • Usernames and passwords help accomplish this • But this can be easily overcome destroying the security and leaving the system vulnerable.

  5. Delegation • Necessary for the scalability of a system. • Helps in decentralizing administrative tasks. • Security mechanisms usually delegate to a “certified entity” • Authorizations are specified only on the highest level in the form of ACL • But High level administrative authorities cannot directly specify overall security policy but only certify lower level authorities thus leaving the system inconsistent

  6. Expressibility and Extensibility • A generic security mechanism must handle new and diverse conditions and restrictions. • ACL is inadequate and insufficient to do so • Thus many times these new security policies have to be coded into applications. • Thus renewing or changing security policies requires reconfiguration, rebuilding or even rewriting of applications

  7. Local Trust Policy • There can be many administrative entities in a distributed system. • These entities’ trust for different users and entities may differ • This implies that there must not be a implicit and uniform policy in a distributed system which is not possible in the case of ACL.

  8. Trust Management • This model is the solution to all the previously mentioned problems existing in the security of distributed systems • This model was introduced by Michael Blaze in 1996 • This is a unified approach to interpreting, specifying security policies and credentials that help in direct authorization of security critical actions.

  9. Components of a Trust Management System • A language for describing ‘actions’, which are operations with security consequences that are to be controlled by the system. • A mechanism for identifying ‘principals’, which are entities that can be authorized to perform actions. • A language for specifying application ‘policies’, which govern the actions that principals are authorized to perform. • A language for specifying ‘credentials’, which allow principals to delegate authorization to other principals. • A ‘compliance checker’, which provides a service to applications for determining how an action requested by principals should be handled, given a policy and a set of credentials

  10. Questions needed to answer when designing a Trust Management System • How should “proof of compliance” be defined? • Should policies and credentials be fully or partially programmable? In which language or notation should they be expressed in? • How should responsibility be divided between the trust management engine and the calling application?

  11. Example- Policy Maker • Its credentials and policies (together known as assertions) are fully programmable. • For the engine to make a decision, the input supplied to it by the calling application must contain one or more policy assertions. • Credentials can be written in any programming language. • The goal of policy maker is to make the Trust Management engine minimal and analyzable.

  12. Example- Policy Maker • The “proof of compliance” is fully specified and analyzed. • Its runtime system provides an enviornmentin which the assertions fed to it by the calling application can co-operate to produce (or fail to produce) a proof that the request complies with the policy.

  13. Decisions • Policy Maker must make the following decisions • In which order should the assertions be run • How many times each assertion should be run • When an assertion should be discarded because it is behaving in a non co-operative manner

  14. Pseudo code for the Compliance Checking Algorithm

  15. Example- Keynote • Designed on the same principles as Policy Maker • Gives more responsibility to the trust management engine than the calling application. • Its credentials should be written in a specific assertion language that works smoothly with its compliance checker.

  16. Sample Keynote Assertion

  17. Applications of Trust Management Engines • Active Networks • Trust Management Systems are used for the following • Authorize principals to load code on active routers • Set resource limits • Establish a fine grained control on what actions a switch may take on the active node • Notify nodes behind the firewall that the Particular piece of active code should or should not perform a specific action

  18. Applications of Trust Management Engines 2. Mobile Code Security • Trust Management engines are used here for the following reasons. • Express trust relations between code certifying entities and the conditions under which their certification has meaning • Credentials are used to describe the minimal set of capabilities the host environment must grant to enable the code to perform its tasks

  19. Applications of Trust Management Engines 3. Access Control Distribution • Trust Management involves the distribution of traditional ACL databases • Architectures based on Trust Management system can be easily extended if it becomes necessary to base access decisions on more complex rules. • Trust management system decouples the specification of access control policies from the mechanism used to distribute and implement them

  20. Refrences • M.Blaze, J Feigenbaum, J Ioannidis, A. Keromytis. The KeyNote Trust Management System. http://www.cis.upenn.edu/~angelos/keynote.html , June 1998 • M.Blaze, J Feigenbaum, J.Lacy. Decentralized Trust Management . In Proc. Of the 17th Symposium on Security and Privacy. • M.Blaze, J Feigenbaum, M.Strauss. Compliance Checking in the Policy Maker Trust Management System. In Proc. Of the Financial Cryptography ’98, Lecture Notes in Computer Science vol 1465, pages 254-274, Springer, Berlin 1998 • http://en.wikipedia.org/wiki/Distributed_operating_systhttp://en.wikipedia.org/wiki/Distributed_operating_system • http://en.wikipedia.org/wiki/Trust_management_(information_system) • http://www.w3.org/2007/uwa/wiki/Trust_models • http://tools.ietf.org/html/rfc2704

More Related