Abstract
Existing authorization mechanisms fail to provide powerful and robust tools for handling security at the scale necessary for today’s Internet. These mechanisms are coming under increasing strain from the development and deployment of systems that increase the programmability of the Internet. Moreover, this “increased flexibility through programmability” trend seems to be accelerating with the advent of proposals such as Active Networking and Mobile Agents.
The trust-management approach to distributed-system security was developed as an answer to the inadequacy of traditional authorization mechanisms. Trust-management engines avoid the need to resolve “identities” in an authorization decision. Instead, they express privileges and restrictions in a programming language. This allows for increased flexibility and expressibility, as well as standardization of modern, scalable security mechanisms. Further advantages of the trust-management approach include proofs that requested transactions comply with local policies and system architectures that encourage developers and administrators to consider an application’s security policy carefully and specify it explicitly.
In this paper, we examine existing authorization mechanisms and their inadequacies. We introduce the concept of trust management, explain its basic principles, and describe some existing trust-management engines, including PolicyMaker and KeyNote. We also report on our experience using trust-management engines in several distributed-system applications.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D. (1999). The Role of Trust Management in Distributed Systems Security. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_8
DOI: https://doi.org/10.1007/3-540-48749-2_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66130-6
Online ISBN: 978-3-540-48749-4
eBook Packages: Springer Book Archive