M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy, pages 164-173. IEEE Computer.


1 M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy, pages 164-173. IEEE Computer Society Press, Los Alamitos, 1996. Presenter: Tony Wu

2 This paper introduced the first example of a “trust-management engine”, which is called PolicyMaker.

The old mechanism is like this: Traditional public key certificate → (information found on certificate) → Name/Identity → (external lookup) → Authorization

The PolicyMaker’s approach is like this: Trust management credential → (information found on credential) → Authorization

3 “...The problem of reliably mapping names to the actions they are trusted to perform can represent as much of a security risk as the problem of mapping public keys to names, yet the certificates do not help the application map names to actions...”

Novelty: the trust management problem has not previously been identified as a general problem and studied in its own right.

Usability: Secure Email system. Anonymous electronic voting system.

Non-obvious: The PolicyMaker engine is very complex. There are lots of mathematical details for the compliance checking.

4 “...PolicyMaker departs sharply from certificate-based security systems centred on the binding of identities to keys in that it allows requesters of secure services to prove directly that they hold credentials that authorize them to use those services...” The authors didn’t provide any comprehensive diagrams to show the idea.

5 [Diagram: User, Authenticator, Authoriser; labels: UserID, Requests, Yes/No]

6 [Diagram: User, Verifier, PolicyMaker Engine; labels: Query, Yes/No, Local Policy]
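The query flow on slides 5 and 6, as an added example (not code from the paper or from PolicyMaker itself): a toy engine that answers yes/no for a requesting key and an action, using local policy plus delegation credentials. The assertion format, key names and actions are constructed for illustration, and signature checking on credentials is assumed to have been done by the caller.

```python
from collections import namedtuple

# Hypothetical assertion format: `issuer` trusts key `subject` for every
# action accepted by the predicate `allows`. issuer == "POLICY" marks a
# local policy assertion, the root of trust; anything else is a credential.
Assertion = namedtuple("Assertion", "issuer subject allows")

def query(assertions, requester_key, action):
    """Return True if local policy authorizes requester_key for action,
    directly or through a chain of credentials. Every link in the chain
    must itself allow the action, so no key can delegate more than it holds."""
    trusted = {"POLICY"}
    changed = True
    while changed:  # fixed point; terminates even with cyclic delegation
        changed = False
        for a in assertions:
            if a.issuer in trusted and a.subject not in trusted and a.allows(action):
                trusted.add(a.subject)
                changed = True
    return requester_key in trusted

# Constructed sample data: no names or identities, only keys and authorizations.
ASSERTIONS = [
    # Local policy: key:hr may authorize email signing for example.org only.
    Assertion("POLICY", "key:hr",
              lambda a: a["type"] == "sign_email" and a["org"] == "example.org"),
    # Credentials issued by key:hr.
    Assertion("key:hr", "key:alice", lambda a: a["type"] == "sign_email"),
    Assertion("key:hr", "key:carol", lambda a: a["type"] == "approve_payment"),
    # Credential from a key that local policy never mentions.
    Assertion("key:mallory", "key:bob", lambda a: True),
    # Cyclic delegation back to the issuer; must not loop forever.
    Assertion("key:alice", "key:hr", lambda a: True),
]

SIGN = {"type": "sign_email", "org": "example.org"}
PAY = {"type": "approve_payment", "org": "example.org"}

if __name__ == "__main__":
    for key, action in [("key:alice", SIGN), ("key:alice", PAY),
                        ("key:carol", PAY), ("key:bob", SIGN)]:
        print(key, action["type"], "->", "Yes" if query(ASSERTIONS, key, action) else "No")
```
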

7 PolicyMaker is unable to handle dynamic forms of trust. Systems change and evolve, so there is a need to monitor trust relationships to determine whether the criteria on which they are based still apply. This could also involve keeping track of the activities of the trustee and determining the necessary action when the trustee violates the trustor’s trust. It should cover monitoring and re-evaluation of trust.

8 Where should the boundaries be drawn between a trust-management system and the application that uses it? For example, should credential-fetching and digital signature verification be the responsibility of the trust-management system or the calling application?

