Trust Management

Access control in heterogeneous,
decentralized, distributed systems.
By Scot Anderson
Introduction
- What is Trust Management (TM)
- History of Trust Management
- Requirements
- Public Key Cryptography
- Policy Discovery
- Policy Languages
- Research vs Commercial Trust Management Systems
What is Trust Management (TM)
Definition: Trust Management is an
approach to access control in a
decentralized, distributed environment
with access control decisions based on
policy statements made by multiple
principals.
History of Trust Management
- Diffie and Hellman: Public Key Cryptography (1976)
- Rivest, Shamir and Adleman: RSA algorithm (1977)
- Blaze, Feigenbaum and Lacy: PolicyMaker (1996)
- Blaze, Feigenbaum and Keromytis: KeyNote (1998)
- Sandhu, Coyne, Feinstein: RBAC (1996)
- Ellison, Frantz, Lampson, Rivest, Thomas and Ylonen: SPKI (1998)
- Chu, Feigenbaum, LaMacchia, Resnick and Strauss: REFEREE (1997)
- Freudenthal, Pesin, Port: dRBAC (2002)
- Herzberg, Mass, Mihaeli, Naor, and Ravid: TPL (2000)
- Rivest and Lampson: SDSI (1996)
- Ellison, Frantz, Lampson, Rivest, Thomas and Ylonen: SDSI/SPKI (2000-2003)
- Li, Mitchell: RT Framework (2002)
Areas of Active Research
There are three areas of active research that coincide with the three bases of TM:
- Chain discovery (policy discovery).
- The semantic analysis of policy languages.
- The complexity of the algorithms.
ATM Example of Trust Management
- Every bank controls and services its own ATM.
- Banks enter into a coalition with other banks through Cirrus, INTERLINK, Pulse…
- In this way a bank can authorize an ATM card holder to withdraw cash even though the card holder does not have an account.
- ATMs have policies about what a user can do. These policies are stated in a policy language.
Trust Management Policies Example

Accountant         Company     Amount                 Transactions/Day
“Alice”            “Any”       Amt <= $100,000        <= 5
“Bob”              “Suzuki”    Amt <= $100,000        <= 5
“Bob”              “Any”       Amt <= $10,000         <= 2
“Alice” & “Bob”    “Any”       100k < Amt <= 500k     <= 2

- We may also want to limit the transactions in one day to no more than $300,000 unless both accountants digitally sign the transactions.
- These are examples of policies limiting the company's trust in its employees, but they also protect the company from mistakes.
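The policy table and the daily limit above can be evaluated mechanically. The following is an added example, not code from the original slides. It assumes that signatures have already been verified, that a request is granted if any row matches, that the per-day count is tracked per row, and that the $300,000 limit applies to the day's total across all rows.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    signers: frozenset  # accountants who must all have signed
    company: str        # "Any" matches every company
    min_excl: int       # amount must be greater than this
    max_incl: int       # amount must be at most this
    per_day: int        # transactions allowed per day under this row

# The four rows of the policy table, in order.
RULES = [
    Rule(frozenset({"Alice"}), "Any", 0, 100_000, 5),
    Rule(frozenset({"Bob"}), "Suzuki", 0, 100_000, 5),
    Rule(frozenset({"Bob"}), "Any", 0, 10_000, 2),
    Rule(frozenset({"Alice", "Bob"}), "Any", 100_000, 500_000, 2),
]
DAILY_CAP = 300_000                 # daily total without both signatures
BOTH = frozenset({"Alice", "Bob"})

def authorize(signers, company, amount, history=()):
    """Return (row_index, reason); row_index is None when the request is denied.

    history holds today's approved transactions as (row_index, amount) pairs.
    """
    signers = frozenset(signers)
    spent_today = sum(amt for _, amt in history)
    # Exceeding the daily total is only allowed when both accountants signed.
    if not BOTH <= signers and spent_today + amount > DAILY_CAP:
        return None, "daily cap needs both signatures"
    for idx, rule in enumerate(RULES):
        used = sum(1 for i, _ in history if i == idx)
        if (rule.signers <= signers
                and rule.company in ("Any", company)
                and rule.min_excl < amount <= rule.max_incl
                and used < rule.per_day):
            return idx, "granted"
    return None, "no rule authorizes this request"
```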
Requirements
1. Local control of resources
2. Grant full or partial access & authorization
3. Delegate authority to grant access & authorization
4. Operate regardless of the domains in use
5. Enter into multiple coalitions
6. Delegate the right to delegate authorizations
The Basis of Security in TM
Three areas form the basis for Trust Management:
- Public-Key Cryptography and Certificates
- Policy Discovery
- Policy Specification Language
Public-Key Cryptography
Certificates: X.509 v3
- Version
- Serial Number
- Algorithm ID
- Issuer
- Validity
  - Not Before
  - Not After
- Subject
- Subject Public Key Info
  - Public Key Algorithm
  - Subject Public Key
- Issuer Unique Identifier (Optional)
- Subject Unique Identifier (Optional)
- Extensions (Optional)
- Certificate Signature Algorithm
- Certificate Signature
Additional Information for TM
- In order to use certificates for policy statements, we can include policies on the certificate prior to the certificate signature, so that the signature covers them.
- Policies may be encrypted, or in plain text.
- The certificate is included with a request.
- If the certificate authorizes the request and the TM system can authenticate the requestor, the request is granted.
Authorization Process
Trust Management System
ETMU(Request)
ETMP(EAU(Request, Authorization|Rejection))
The Basis of Security in TM
Three areas form the basis for Trust Management:
- Certificates (PKI)
- Policy Discovery
- Policy Specification
Policy Discovery
- Policy discovery is not trivial because authorization is included on the certificate.
- The key issue is whom to trust: given a certificate and a request, does this certificate authorize the request, and was it issued by someone I trust?
Policy Discovery via Chains
- Consider a fourth-level delegation:
  PA -> PB -> PC -> E
  This is a delegation chain to some entity E. If E makes a request to PA, how can PA authorize E without knowing the chain of authorization PA -> PB -> PC? This process is called chain discovery and is largely solved using graph theory.
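Chain discovery as a graph search, shown for the PA -> PB -> PC -> E chain above. This is an added example, not code from the original slides. The certificate fields, the "withdraw" right and the extra principals PD, F and G are constructed for illustration, and certificate signatures are assumed to have been verified already.

```python
from collections import deque, namedtuple

# One delegation certificate: issuer grants `right` to subject. may_delegate
# records whether the subject may pass the right on (requirement 6).
Cert = namedtuple("Cert", "issuer subject right may_delegate")

# Constructed sample certificates.
CERTS = [
    Cert("PA", "PB", "withdraw", True),
    Cert("PB", "PC", "withdraw", True),
    Cert("PC", "E", "withdraw", False),
    Cert("PB", "PA", "withdraw", True),   # cycle back to the owner
    Cert("PA", "PD", "withdraw", False),  # PD holds the right but cannot delegate
    Cert("PD", "F", "withdraw", False),   # so this grant is not backed by PA
    Cert("PC", "G", "read", False),       # a different right
]

def discover_chain(certs, owner, requester, right):
    """Breadth-first search from the resource owner toward the requester.

    Returns the certificates forming the shortest chain, or None.
    """
    by_issuer = {}
    for cert in certs:
        if cert.right == right:
            by_issuer.setdefault(cert.issuer, []).append(cert)
    queue = deque([(owner, [])])
    seen = {owner}  # guards against delegation cycles
    while queue:
        principal, chain = queue.popleft()
        for cert in by_issuer.get(principal, []):
            if cert.subject == requester:
                return chain + [cert]
            # Only a subject that may delegate can extend the chain.
            if cert.may_delegate and cert.subject not in seen:
                seen.add(cert.subject)
                queue.append((cert.subject, chain + [cert]))
    return None
```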
Policy Specification
- The groundbreaking work on certificates for authentication in a hierarchical environment, such as the SSL certificates used to secure web pages, has been extended to include policies for authorization.
- Authorizations on the certificates are specified in a policy language that is often based on logic (e.g. First Order Predicate Logic).
Policy Languages
- The policy languages must be closed.
- The consequences of a closed language:
  1. Expression is limited.
  2. Every expression can be proven true or false.
  3. Approximation techniques exist in logics that lend themselves to expanding the expressive capabilities of policy languages.
Research vs. Commercial Systems
- Research in Trust Management spans the period from 1996, when PolicyMaker was introduced, to the present.
- Research has made most if not all of the theoretical breakthroughs necessary to make TM a viable commercial technology.
- Commercial systems approximate the capabilities of research systems.
Current Trust Management
Commercial Systems
- IBM provides a Federated Identity Management System.
  http://www-306.ibm.com/software/tivoli/products/federated-identity-mgr/
- Microsoft has an Identity and Access Management Series that describes its systems.
  http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx
- RSA Security has a suite of applications to provide TM, including ClearTrust and Federated Identity Manager.
  http://www.rsasecurity.com/node.asp?id=1155
Conclusions
- Trust Management is a system that provides access control in a decentralized distributed environment.
- Research on TM provides a sound theoretical basis.
- Commercial systems are now providing most if not all of the components of Trust Management.
References
- S. Anderson. Constraint datalog in trust management. Master's thesis, University of Nebraska, Lincoln, 2003.
- M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. Technical Report 96-17, AT&T Research, 1996.
- Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. REFEREE: Trust management for Web applications. Computer Networks and ISDN Systems, 29(8-13):953-964, 1997.
- T. Grandison and M. Sloman. A survey of trust in internet applications. IEEE Communications Surveys and Tutorials, 3(Fourth Quarter), 2000.
- Herzberg, Mass, Mihaeli, Naor, and Ravid. Access control meets public key infrastructure, or: Assigning roles to strangers. In RSP: 21st IEEE Computer Society Symposium on Research in Security and Privacy, 2000.
- N. Li and J. C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages, 2003. To appear.
- N. Li and J. Mitchell. Understanding SPKI/SDSI using first-order logic. To appear in IEEE Computer Security Foundations Workshop, 2003.
- Y. Tao, D. Papadias, and J. Sun. The TPR*-tree: An optimized spatio-temporal access method for predictive queries. In Proceedings of the Twenty-ninth International Conference on Very Large Data Bases, 2003.
- http://www-306.ibm.com/software/tivoli/products/federated-identity-mgr/
- http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/
- http://www.rsasecurity.com/node.asp?id=1155
Questions