Computer Science 725 – Software Security Presentation
"Decentralized Trust Management", M. Blaze, J. Feigenbaum, J. Lacy,
IEEE Symposium on Security and Privacy, pp. 164-173, 1996.
http://ieeexplore.ieee.org/iel3/3742/10940/00502679.pdf
Summary
• Identify Trust Management as a distinct and important component in network security
• Review of 2 existing systems
• Present a new comprehensive approach to this problem
• Describe a prototype (PolicyMaker) which implements this new approach
What is Trust Management?
• Policy (a banking system requires at least k officers to approve a loan of $10,000)
• Credentials (enable an employee to prove he can be counted as 1 out of k approvers)
• Trust (enable the bank to specify who may issue such credentials)
Principles of our approach
• Unified mechanism
  • A common language is provided for policies, credentials, and relationships
• Flexibility
  • The system is rich enough to support potentially complex relationships in large networks
• Locality of control
  • Each party in the network can independently decide whether to accept the credentials presented
• Separation of mechanism from policy
  • The mechanism for verification does not depend on the credentials themselves
Review of Existing Systems
What are some potential issues with this system?
• PGP framework uses "key certificates" in which trusted third parties (C, D) sign copies of a public key to be distributed
• X.509 framework uses a similar system, but also postulates that public keys are only obtained from official "certifying authorities" (C, D)
[Diagram: specify trust; Public Key signed by C; Public Key signed by D; etc.; B accepts the Public Key if its trust value is high enough]
PolicyMaker Approach
1. Obtain certificates, verify signatures on certificates and on application request, determine public key of original signer(s)
2. Verify that certificates are unrevoked
3. Find "trust path" from trusted certifier to certificate of public key in question
4. Extract names from certificates
5. Look up names in database that maps names to the actions that they are trusted to perform
6. Determine whether requested action is legal, based on the names extracted from certificates and whether the certification authorities are permitted to authorize such actions according to local policy
7. Proceed if everything appears valid
PolicyMaker: Submit request, certificates, and description of local policy to local "trust management engine"
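The following is an added illustration (not code from the paper or the PolicyMaker prototype) of the engine call described above, applied to the bank example from the "What is Trust Management?" slide: the request, the credentials and the local policy (trusted issuers, k) are handed to one engine, and the engine never embeds bank-specific rules or its own signature scheme. The key ids, the HMAC stand-in for signatures and the "loan-officer" role are constructed for this example.

```python
import hmac
import hashlib
from dataclasses import dataclass
# Constructed stand-in "signatures": HMAC over a per-key secret. The engine only
# calls verify_fn(); as the slides note, real signature checking is external.
SECRETS = {"bank-hq": b"hq-secret", "alice": b"a", "bob": b"b", "mallory": b"m"}

def sign(key_id, message):
    return hmac.new(SECRETS[key_id], message, hashlib.sha256).digest()

def verify(key_id, message, sig):
    return key_id in SECRETS and hmac.compare_digest(sign(key_id, message), sig)

def cred_body(issuer, subject, role):
    return f"{issuer}|{subject}|{role}".encode()

@dataclass(frozen=True)
class Credential:
    issuer: str    # key id that signed the credential
    subject: str   # key id being vouched for
    role: str      # e.g. "loan-officer"
    sig: bytes

def issue(issuer, subject, role="loan-officer"):
    return Credential(issuer, subject, role, sign(issuer, cred_body(issuer, subject, role)))

@dataclass(frozen=True)
class Policy:
    trusted_issuers: frozenset  # trust: who may issue officer credentials
    k: int                      # policy: officers needed to approve

def decide(action, approvals, creds, policy, verify_fn=verify):
    """Engine: (request, credentials, local policy) -> (granted, counted approvers).
    `approvals` maps each requester key id to its signature over `action`."""
    signers = {k for k, s in approvals.items() if verify_fn(k, action.encode(), s)}
    officers = {c.subject for c in creds
                if c.role == "loan-officer" and c.issuer in policy.trusted_issuers
                and verify_fn(c.issuer, cred_body(c.issuer, c.subject, c.role), c.sig)}
    counted = sorted(signers & officers)   # k-of-n over distinct, credentialed signers
    return len(counted) >= policy.k, counted

def demo():
    bank = Policy(frozenset({"bank-hq"}), k=2)
    action = "approve-loan amount=10000"
    sig = {k: sign(k, action.encode()) for k in ("alice", "bob", "mallory")}
    good = [issue("bank-hq", "alice"), issue("bank-hq", "bob")]
    # mallory vouches for herself, but bank policy does not trust her as an issuer
    bad = [issue("bank-hq", "alice"), issue("mallory", "mallory")]
    return (decide(action, {"alice": sig["alice"], "bob": sig["bob"]}, good, bank),
            decide(action, {"alice": sig["alice"], "mallory": sig["mallory"]}, bad, bank))
```

Because the trusted issuers and k live in the Policy object that the caller supplies, a different party can reuse the same decide() with its own policy, which is the locality-of-control property from the principles slide.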
The PolicyMaker System
What are some potential issues with this system?
• An independent trust management engine to be used either as a linked library (within systems) or daemon (background application)
• Called using action query strings
• Extendable to allow for external verification of signatures
Comments
• The idea behind this paper is good
  • Encapsulation of trust management
  • Better security provided by consolidated system
• The idea presented is more difficult to implement
  • Dedicated trust management engine and parser is more difficult to implement than certificate-based system
  • Only applicable to large commercial applications
• Prototype is already made.
Questions?