The Technology of Trust Credential Chain Discovery

نویسندگان

  • Marianne Winslett
  • Ting Yu
  • Kent E. Seamons
  • Adam Hess
  • Jared Jacobson
  • Ryan Jarvis
  • Bryan Smith
  • Lina Yu
چکیده

Increased connectivity and data availability enable new ways of conducting business, but they also create new security vulnerabilities. For example, to streamline a financial transaction, an organization might want to give certain strangers — that is, parties from outside its security domain — access to some of its local resources. Before doing so, however, the organization must establish firm policies outlining the types of strangers who can access the resources, as well the types of data and services the organization will make available to them. Traditional access-control policies describe access conditions in terms that only apply to parties within the local security domain. Clearly, new kinds of accesscontrol policies are needed. Trust negotiation can allow strangers to access sensitive data and services on the Internet.1,2 Trust negotiation is the iterative disclosure of credentials and requests for credentials between two parties, with the goal of establishing sufficient trust so that the parties can complete a transaction. Trust negotiation should be ubiquitous: available anytime, anywhere, at all layers of software, wherever strangers might wish to interact, including mobile devices and intelligent environments. Traditional approaches to establishing trust either minimize security measures (for example, they do not verify credentials) or assume that the parties are not strangers and can present a local identity (login, capability, or credential) to obtain service. Trust management systems such as PolicyMaker,3 KeyNote,4 simple public key infrastructure/simple distributed security infrastructure (SPKI/SDSI),5 and Delegation Logic6 support delegation of authority, but are not helpful for establishing trust between strangers using generalpurpose credentials. Our system, TrustBuilder, supports automated trust negotiation between strangers on the Internet. TrustBuilder lets negotiating parties disclose relevant digital credentials and access-control policies and establish the trust necessary to complete their interaction (see the sidebar, “TrustBuilder in Action,” for an example scenario). TrustBuilder is intend-

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Distributed Credential Chain Discovery in Trust

We give goal-oriented algorithms for discovering credential chains in RT0, a role-based trust-management language introduced in this paper. The algorithms search credential graphs, a representation of RT0 credentials. We prove that evaluation based on reachability in credential graphs is sound and complete with respect to the set-theoretic semantics of RT0. RT0 is more expressive than SDSI 2.0,...

متن کامل

Distributed Credential Chain Discovery in Trust Management

We introduce a simple Role-based Trust-management language RT0 and a set-theoretic semantics for it. We also introduce credential graphs as a searchable representation of credentials in RT0 and prove that reachability in credential graphs is sound and complete with respect to the semantics of RT0. Based on credential graphs, we give goal-directed algorithms to do credential chain discovery in R...

متن کامل

Distributed Credential Chain Discovery in Trust-Management with Parameterized Roles

Trust management (TM) is an approach to access control in decentralized distributed systems with access control decisions based on statements made by multiple principals. Li et al. developed the RT family of Role-Based Trust-management languages, which combine the strengths of Role-Based Access Control and TM systems. We present a distributed credential chain discovery algorithm for RT C 1 , a ...

متن کامل

Modularized Trust Management For Distributed Coalition Environments

Trust Management in distributed systems incorporates partially independent mechanisms to enable collaboration in distributed coalition environment. These modules can be distinguished by their characteristics of independent functionality, providing access control mechanism in decentralized environment, and discovery and management of credential documents including validation and revocation servi...

متن کامل

Enhancing Personal Identity Verification with Digital Watermarks Introduction

INTRODUCTION This white paper provides a response to a NIST request from the October 7, 2004 meeting regarding the Homeland Security Presidential Directive/Hspd-12 and the Personal Identity Verification (PIV) system. The paper discusses threats to ID security and demonstrates the need to link a physical document, on-card chip data and on-card chip. In addition, the paper describes digital water...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2001