M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy, pages 164-173. IEEE Computer.

Presentation transcript:

M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy, pages IEEE Computer Society Press, Los Alamitos,
Presenter: Tony Wu

This paper introduced the first example of a “trust-management engine”, which is called PolicyMaker.

The old mechanism is like this:
Traditional public key certificate → Name/Identity → Authorization
(certificate to name: information found on certificate; name to authorization: external lookup)

The PolicyMaker’s approach is like this:
Trust management credential → Authorization
(information found on credential)

“...The problem of reliably mapping names to the actions they are trusted to perform can represent as much of a security risk as the problem of mapping public keys to names, yet the certificates do not help the application map names to actions...”

Novelty: the trust management problem has not previously been identified as a general problem and studied in its own right.
Usability: Secure system. Anonymous electronic voting system.
Non-obvious: The PolicyMaker engine is very complex. There are lots of mathematical details for the compliance checking.

“...PolicyMaker departs sharply from certificate-based security systems centred on the binding of identities to keys in that it allows requesters of secure services to prove directly that they hold credentials that authorize them to use those services...”

The authors didn’t provide any comprehensive diagrams to show the idea.

[Diagram: User, Authenticator, Authoriser; labels: UserID, Requests, Yes/No]

[Diagram: User, Verifier, PolicyMaker Engine; labels: Query, Yes/No, Local Policy]
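The query flow above (a verifier asks an engine whether a requesting key is authorized under local policy and gets Yes/No) can be sketched as follows. This is an added example, not code from the paper or the presentation: it models only single-key delegation chains rather than PolicyMaker's full assertion language, and the key names, the `purchase:<n>` action format and all function names are assumptions made for illustration.

```python
# Added illustration: simplified compliance check, not PolicyMaker's own code.
from dataclasses import dataclass
from typing import Callable

POLICY = "POLICY"  # root of trust: the verifier's local policy

@dataclass(frozen=True)
class Assertion:
    source: str                    # POLICY, or the key that signed the credential
    subject: str                   # key being authorized
    allows: Callable[[str], bool]  # filter over action strings

def purchase_under(limit):
    """Filter accepting constructed action strings of the form 'purchase:<n>'."""
    def accept(action):
        kind, _, amount = action.partition(":")
        return kind == "purchase" and amount.isdigit() and int(amount) < limit
    return accept

def complies(requester, action, assertions):
    """Yes/No: is there a chain POLICY -> ... -> requester in which every
    assertion's filter accepts this action? No key-to-name lookup is involved."""
    trusted, frontier = {POLICY}, [POLICY]
    while frontier:
        src = frontier.pop()
        for a in assertions:
            if a.source != src or a.subject in trusted or not a.allows(action):
                continue
            if a.subject == requester:
                return True
            trusted.add(a.subject)   # also stops delegation cycles from looping
            frontier.append(a.subject)
    return False

# Constructed sample data. Signatures on credentials are assumed to have been
# verified by the calling application before they are handed to the check.
ASSERTIONS = [
    Assertion(POLICY, "key_finance", purchase_under(1000)),      # local policy
    Assertion("key_finance", "key_alice", purchase_under(500)),  # credential
    Assertion("key_alice", "key_finance", purchase_under(500)),  # cycle
    Assertion("key_mallory", "key_bob", purchase_under(10**6)),  # unrooted
]

if __name__ == "__main__":
    for key, act in [("key_alice", "purchase:300"), ("key_alice", "purchase:700"),
                     ("key_bob", "purchase:100"), ("key_alice", "delete:300")]:
        print(key, act, "->", "Yes" if complies(key, act, ASSERTIONS) else "No")
```

A credential issued by a key that local policy never reaches (`key_mallory` here) grants nothing, and a delegate cannot exceed the limit set by the narrowest filter on its chain.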

PolicyMaker is unable to handle dynamic forms of trust. Systems change and evolve, so there is a need to monitor trust relationships to determine whether the criteria on which they are based still apply. This could also involve keeping track of the activities of the trustee and determining the necessary action when the trustee violates the trustor’s trust. It should cover monitoring and re-evaluation of trust.

Where should the boundaries be drawn between a trust-management system and the application that uses it? For example, should credential-fetching and digital signature verification be the responsibility of the trust-management system or the calling application?