Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

Published byEzra Trice Modified over 10 years ago

Similar presentations

Presentation on theme: "The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte."— Presentation transcript:

1 The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte Dept of Computer Science Kent State University

2 Design of a Distributed Operating System A distributed OS provides the essential services and functionality required of an OS, adding attributes and particular configurations to allow it to support increased scaling and availability. The kernel known as microkernel supports a minimal set of functions, like low-level address space management, thread management, and inter-process communication (IPC).

3 Access Control Lists It is a list of permissions attached to an object i.e defines what kind of access is to be given to a specific operation. Used commonly in Operating Systems as a security mechanism. However they are inadequate for distributed systems even though they are used.

4 Authentication In a distributed system some form of authentication is to be provided before access can be granted Usernames and passwords help accomplish this But this can be easily overcome destroying the security and leaving the system vulnerable.

5 Delegation Necessary for the scalability of a system. Helps in decentralizing administrative tasks. Security mechanisms usually delegate to a certified entity Authorizations are specified only on the highest level in the form of ACL But High level administrative authorities cannot directly specify overall security policy but only certify lower level authorities thus leaving the system inconsistent

6 Expressibility and Extensibility A generic security mechanism must handle new and diverse conditions and restrictions. ACL is inadequate and insufficient to do so Thus many times these new security policies have to be coded into applications. Thus renewing or changing security policies requires reconfiguration, rebuilding or even rewriting of applications

7 Local Trust Policy There can be many administrative entities in a distributed system. These entities trust for different users and entities may differ This implies that there must not be a implicit and uniform policy in a distributed system which is not possible in the case of ACL.

8 Trust Management This model is the solution to all the previously mentioned problems existing in the security of distributed systems This model was introduced by Michael Blaze in 1996 This is a unified approach to interpreting, specifying security policies and credentials that help in direct authorization of security critical actions.

9

10 Components of a Trust Management System A language for describing actions, which are operations with security consequences that are to be controlled by the system. A mechanism for identifying principals, which are entities that can be authorized to perform actions. A language for specifying application policies, which govern the actions that principals are authorized to perform. A language for specifying credentials, which allow principals to delegate authorization to other principals. A compliance checker, which provides a service to applications for determining how an action requested by principals should be handled, given a policy and a set of credentials

11 Questions needed to answer when designing a Trust Management System How should proof of compliance be defined? Should policies and credentials be fully or partially programmable? In which language or notation should they be expressed in? How should responsibility be divided between the trust management engine and the calling application?

12 Example- Policy Maker Its credentials and policies (together known as assertions) are fully programmable. For the engine to make a decision, the input supplied to it by the calling application must contain one or more policy assertions. Credentials can be written in any programming language. The goal of policy maker is to make the Trust Management engine minimal and analyzable.

13 Example- Policy Maker The proof of compliance is fully specified and analyzed. Its runtime system provides an enviornment in which the assertions fed to it by the calling application can co-operate to produce (or fail to produce) a proof that the request complies with the policy.

14 Decisions Policy Maker must make the following decisions – In which order should the assertions be run – How many times each assertion should be run – When an assertion should be discarded because it is behaving in a non co-operative manner

15 Pseudo code for the Compliance Checking Algorithm

16 Example- Keynote Designed on the same principles as Policy Maker Gives more responsibility to the trust management engine than the calling application. Its credentials should be written in a specific assertion language that works smoothly with its compliance checker.

17 Sample Keynote Assertion

18 Applications of Trust Management Engines 1.Active Networks – Trust Management Systems are used for the following Authorize principals to load code on active routers Set resource limits Establish a fine grained control on what actions a switch may take on the active node Notify nodes behind the firewall that the Particular piece of active code should or should not perform a specific action

19 Applications of Trust Management Engines 2. Mobile Code Security – Trust Management engines are used here for the following reasons. Express trust relations between code certifying entities and the conditions under which their certification has meaning Credentials are used to describe the minimal set of capabilities the host environment must grant to enable the code to perform its tasks

20 Applications of Trust Management Engines 3. Access Control Distribution – Trust Management involves the distribution of traditional ACL databases – Architectures based on Trust Management system can be easily extended if it becomes necessary to base access decisions on more complex rules. – Trust management system decouples the specification of access control policies from the mechanism used to distribute and implement them

21 Refrences M.Blaze, J Feigenbaum, J Ioannidis, A. Keromytis. The KeyNote Trust Management System. http://www.cis.upenn.edu/~angelos/keynote.html, June 1998 M.Blaze, J Feigenbaum, J.Lacy. Decentralized Trust Management. In Proc. Of the 17 th Symposium on Security and Privacy. M.Blaze, J Feigenbaum, M.Strauss. Compliance Checking in the Policy Maker Trust Management System. In Proc. Of the Financial Cryptography 98, Lecture Notes in Computer Science vol 1465, pages 254-274, Springer, Berlin 1998 http://en.wikipedia.org/wiki/Distributed_operating_systhttp://en.wikipedia.org/wiki /Distributed_operating_system http://en.wikipedia.org/wiki/Trust_management_(information_system) http://www.w3.org/2007/uwa/wiki/Trust_models http://tools.ietf.org/html/rfc2704

Download ppt "The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.

The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Executional Architecture

Executional Architecture
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn.

CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Making certificates programmable1 John DeTreville Microsoft Research April 24, 2002.

Making certificates programmable1 John DeTreville Microsoft Research April 24, 2002.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
Implementing a Distributed Firewall

Implementing a Distributed Firewall
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
DISTRIBUTED PROCESS IMPLEMENTAION BHAVIN KANSARA.

DISTRIBUTED PROCESS IMPLEMENTAION BHAVIN KANSARA.
Lecture 7 Access Control

Lecture 7 Access Control

Similar presentations

Ads by Google