Trust Management
Access control in heterogeneous, decentralized, distributed systems.
By Scot Anderson

Introduction

- What is Trust Management (TM)
- History of Trust Management
- Requirements
- Public Key Cryptography
- Policy Discovery
- Policy Languages
- Research vs Commercial Trust Management Systems

What is Trust Management (TM)

Definition: Trust Management is an approach to access control in a decentralized, distributed environment, with access control decisions based on policy statements made by multiple principals.

History of Trust Management

- Diffie and Hellman: Public Key Cryptography (1976)
- Rivest, Shamir and Adleman: RSA algorithm (1977)
- Blaze, Feigenbaum and Lacy: PolicyMaker (1996)
- Blaze, Feigenbaum and Keromytis: KeyNote (1998)
- Sandhu, Coyne, Feinstein: RBAC (1996)
- Ellison, Frantz, Lampson, Rivest, Thomas and Ylonen: SPKI (1998)
- Chu, Feigenbaum, LaMacchia, Resnick and Strauss: REFEREE (1997)
- Freudenthal, Pesin, Port: dRBAC (2002)
- Herzberg, Mass, Mihaeli, Naor, and Ravid: TPL (2000)
- Rivest and Lampson: SDSI (1996)
- Ellison, Frantz, Lampson, Rivest, Thomas and Ylonen: SDSI/SPKI (2000-2003)
- Li, Mitchell: RT Framework (2002)

Areas of Active Research

There are three areas of active research that coincide with the three bases of TM:

- Chain discovery (policy discovery).
- The semantic analysis of policy languages.
- The complexity of the algorithms.

ATM Example of Trust Management

- Every bank controls and services its own ATMs.
- Banks enter into a coalition with other banks through Cirrus, INTERLINK, Pulse…
- In this way a bank can authorize an ATM card holder to withdraw cash even though the card holder does not have an account.
- ATMs have policies about what a user can do.
- These policies are stated in a policy language.

Trust Management Policies Example

Accountant      | Company  | Amount             | Transactions/Day
"Alice"         | "Any"    | Amt <= $100,000    | <= 5
"Bob"           | "Suzuki" | Amt <= $100,000    | <= 5
"Bob"           | "Any"    | Amt <= $10,000     | <= 2
"Alice" & "Bob" | "Any"    | 100k < Amt <= 500k | <= 2

We may also want to limit the total value of transactions in one day to no more than $300,000 unless both accountants digitally sign the transactions.

These are examples of policies that limit the company's trust in its employees, but they also protect the company from mistakes.

Requirements

1. Local control of resources
2. Grant full or partial access & authorization
3. Delegate authority to grant access & authorization
4. Operate regardless of the domains in use
5. Enter into multiple coalitions
6. Delegate the right to delegate authorizations

The Basis of Security in TM

Three areas form the basis for Trust Management:

- Public-Key Cryptography and Certificates
- Policy Discovery
- Policy Specification Language

Public-Key Cryptography

Certificates: X.509 v3

- Version
- Serial Number
- Algorithm ID
- Issuer
- Validity
  - Not Before
  - Not After
- Subject
- Subject Public Key Info
  - Public Key Algorithm
  - Subject Public Key
- Issuer Unique Identifier (Optional)
- Subject Unique Identifier (Optional)
- Extensions (Optional)
- Certificate Signature Algorithm
- Certificate Signature

Additional Information for TM

- To use certificates for policy statements, we can include policies on the certificate, placed before the certificate signature.
- Policies may be encrypted or in plain text.
- The certificate is included with a request.
- If the certificate authorizes the request and the TM system can authenticate the requestor, the request is granted.
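The accountant policy table from the Trust Management Policies Example slide, evaluated against a day's requests, as an added example that is not part of the original slides. The names `Rule`, `Ledger` and the company "Acme" are hypothetical, and three readings are assumed: signatures have already been verified, rows are tried in table order, and the $300,000 daily limit counts only transactions that lack both signatures.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    signers: frozenset  # principals who must all have signed
    company: str        # "Any" matches every company
    over: int           # amount must be strictly greater than this
    up_to: int          # and no greater than this
    per_day: int        # maximum transactions per day under this rule

BOTH = frozenset({"Alice", "Bob"})
RULES = [  # the four rows of the policy table, in the same order
    Rule(frozenset({"Alice"}), "Any", 0, 100_000, 5),
    Rule(frozenset({"Bob"}), "Suzuki", 0, 100_000, 5),
    Rule(frozenset({"Bob"}), "Any", 0, 10_000, 2),
    Rule(BOTH, "Any", 100_000, 500_000, 2),
]
DAILY_CAP = 300_000  # daily total allowed without both signatures (assumed reading)

@dataclass
class Ledger:
    """Transactions authorized so far today: (rule index, signers, amount)."""
    entries: list = field(default_factory=list)

    def authorize(self, signers, company, amount):
        """Return the index of the rule granting the request, or None."""
        signers = frozenset(signers)  # assumed: signatures already verified
        spent = sum(a for _, s, a in self.entries if s != BOTH)
        if signers != BOTH and spent + amount > DAILY_CAP:
            return None
        for i, r in enumerate(RULES):
            used = sum(1 for j, _, _ in self.entries if j == i)
            if (r.signers <= signers and r.company in ("Any", company)
                    and r.over < amount <= r.up_to and used < r.per_day):
                self.entries.append((i, signers, amount))
                return i
        return None

def demo():
    day = Ledger()
    requests = [  # constructed requests, evaluated in order
        ({"Alice"}, "Acme", 100_000),         # row 0
        ({"Bob"}, "Suzuki", 90_000),          # row 1
        ({"Bob"}, "Acme", 90_000),            # Bob's limit elsewhere is 10k
        ({"Alice", "Bob"}, "Acme", 250_000),  # row 3, needs both signatures
        ({"Alice"}, "Acme", 100_000),         # single-signer total reaches 290k
        ({"Alice"}, "Acme", 20_000),          # would pass the 300k daily cap
    ]
    return [day.authorize(s, c, a) for s, c, a in requests]
```

`demo()` returns the granting row index for each request, or `None` where the policy rejects it.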
Authorization Process

[Figure: authorization process. Diagram labels: Trust Management System; ETMU(Request); ETMP(EAU(Request,Authorization|Rejection)]

Policy Discovery

- Policy discovery is not trivial because authorization is included on the certificate.
- The key issue is: whom do I trust?
- So, given a certificate and a request: does this certificate authorize the request, and is it issued by someone I trust?

Policy Discovery via Chains

Consider a fourth-level delegation:

PA -> PB -> PC -> E

This is a delegation chain to some entity E. If E makes a request to PA, how can PA authorize E without knowing the chain of authorization PA -> PB -> PC? This process is called chain discovery and is largely solved using graph theory.

Policy Specification

- The groundbreaking work on certificates for authentication in a hierarchical environment, such as the SSL certificates used to secure web pages, has been extended to include policies for authorization.
- Authorizations on the certificates are specified in a policy language that is often based on logic (e.g. first-order predicate logic).

Policy Languages

The policy languages must be closed. The consequences of a closed language:

1. Expression is limited.
2. Every expression can be proven true or false.
3. Approximation techniques exist in logics that lend themselves to expanding the expressive capabilities of policy languages.

Research vs. Commercial Systems

- Research in Trust Management spans a time period from 1996, when PolicyMaker was introduced, to the present time.
- Research has made most if not all of the theoretical breakthroughs necessary to make TM a viable commercial technology.
- Commercial systems approximate the capabilities of research systems.

Current Trust Management

Commercial Systems

- IBM provides Federated Identity Management System.
  http://www-306.ibm.com/software/tivoli/products/federated-identity-mgr/
- Microsoft has an Identity and Access Management Series that talks about their systems.
  http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx
- RSA Security has a suite of applications to provide TM, including ClearTrust and Federated Identity Manager.
  http://www.rsasecurity.com/node.asp?id=1155

Conclusions

- Trust Management is a system that provides access control in a decentralized distributed environment.
- Research on TM provides a sound theoretical basis.
- Commercial systems are now providing most if not all of the components of Trust Management.

References

- S. Anderson. Constraint datalog in trust management. Master's thesis, University of Nebraska, Lincoln, 2003.
- M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. Technical Report 96-17, AT&T Research, 1996.
- Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. REFEREE: Trust management for Web applications. Computer Networks and ISDN Systems, 29(8-13):953-964, 1997.
- T. Grandison and M. Sloman. A survey of trust in internet application. IEEE Communications Surveys and Tutorials, 3(Fourth Quarter), 2000.
- Herzberg, Mass, Mihaeli, Naor, and Ravid. Access control meets public key infrastructure, or: Assigning roles to strangers. In RSP: 21st IEEE Computer Society Symposium on Research in Security and Privacy, 2000.
- N. Li and J. C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages, 2003. To appear.
- N. Li and J. Mitchell. Understanding SPKI/SDSI using first-order logic. To appear in IEEE Computer Security Foundations Workshop, 2003.
- Y. Tao, D. Papadias, and J. Sun. The TPR*-tree: An optimized spatio-temporal access method for predictive queries. In Proceedings of the Twenty-ninth International Conference on Very Large Data Bases, 2003.
- http://www-306.ibm.com/software/tivoli/products/federated-identity-mgr/
- http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/
- http://www.rsasecurity.com/node.asp?id=1155

Questions
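Chain discovery as described under "Policy Discovery via Chains", treated as a graph search, in an added example that is not part of the original slides. The `Credential` fields, the right name "withdraw" and the principals PD and F are hypothetical; signatures are assumed to be verified already, and a link can only be extended when it carries the right to delegate (requirement 6).

```python
from collections import deque
from typing import NamedTuple

class Credential(NamedTuple):
    issuer: str         # principal who signed the statement
    subject: str        # principal receiving the authorization
    right: str          # what is authorized
    may_delegate: bool  # whether the subject may pass the right on

def discover_chain(creds, owner, requester, right):
    """Breadth-first search from the resource owner to the requester.

    Returns the shortest list of credentials linking owner to requester,
    or None when no valid delegation chain exists.
    """
    by_issuer = {}
    for c in creds:
        if c.right == right:
            by_issuer.setdefault(c.issuer, []).append(c)
    queue = deque([(owner, [])])
    seen = {owner}  # guards against delegation cycles
    while queue:
        principal, chain = queue.popleft()
        for c in by_issuer.get(principal, []):
            if c.subject == requester:
                return chain + [c]
            # Only a subject holding the right to delegate can extend the chain.
            if c.may_delegate and c.subject not in seen:
                seen.add(c.subject)
                queue.append((c.subject, chain + [c]))
    return None

def chain_names(chain):
    """Render a chain as the list of principals it passes through."""
    return None if chain is None else [chain[0].issuer] + [c.subject for c in chain]

# Constructed credential set (signatures assumed already verified).
CREDS = [
    Credential("PA", "PB", "withdraw", True),
    Credential("PB", "PC", "withdraw", True),
    Credential("PC", "E", "withdraw", False),
    Credential("PC", "PA", "withdraw", True),   # cycle back to the owner
    Credential("PB", "PD", "withdraw", False),  # PD may use but not delegate
    Credential("PD", "F", "withdraw", False),   # so PD's grant to F is invalid
]
```

With this set, PA can authorize E through PA -> PB -> PC -> E, while F is rejected because PD was never given the right to delegate.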