Skip to main content
SpringerLink
Log in

The Role of Trust Management in Distributed Systems Security

  • Chapter
Book cover Secure Internet Programming

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))

Abstract

Existing authorization mechanisms fail to provide powerful and robust tools for handling security at the scale necessary for today’s Internet. These mechanisms are coming under increasing strain from the development and deployment of systems that increase the programmability of the Internet. Moreover, this “increased flexibility through programmability” trend seems to be accelerating with the advent of proposals such as Active Networking and Mobile Agents.

The trust-management approach to distributed-system security was developed as an answer to the inadequacy of traditional authorization mechanisms. Trust-management engines avoid the need to resolve “identities” in an authorization decision. Instead, they express privileges and restrictions in a programming language. This allows for increased flexibility and expressibility, as well as standardization of modern, scalable security mechanisms. Further advantages of the trust-management approach include proofs that requested transactions comply with local policies and system architectures that encourage developers and administrators to consider an application’s security policy carefully and specify it explicitly.

In this paper, we examine existing authorization mechanisms and their inadequacies. We introduce the concept of trust management, explain its basic principles, and describe some existing trust-management engines, including PolicyMaker and KeyNote. We also report on our experience using trust-management engines in several distributed-system applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. D. S. Alexander, W. A. Arbaugh, M. Hicks, P. Kakkar, A. D. Keromytis, J. T. Moore, C. A. Gunter, S. M. Nettles, and J. M. Smith. The SwitchWare Active Network Architecture. IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3):29–36, 1998.

    Google Scholar 

  2. D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. A Secure Active Network Environment Architecture: Realization in SwitchWare. IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3):37–45, 1998.

    Google Scholar 

  3. D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. Security in active networks. In Jan Vitek and Christian Jensen, editors, Secure Internet Programming, Lecture Notes in Computer Science. Springer-Verlag Inc., New York, NY, USA, 1999.

    Google Scholar 

  4. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote Trust-Management System. Work in Progress, http://www.cis.upenn.edu/~angelos/keynote.html, June 1998.

  5. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17th Symposium on Security and Privacy, pages 164–173. IEEE Computer Society Press, Los Alamitos, 1996.

    Google Scholar 

  6. M. Blaze, J. Feigenbaum, P. Resnick, and M. Strauss. Managing Trust in an Information Labeling System. In European Transactions on Telecommunications, 8, pages 491–501, 1997.

    Article  Google Scholar 

  7. M. Blaze, J. Feigenbaum, and M. Strauss. Compliance Checking in the Policy-Maker Trust-Management System. In Proc. of the Financial Cryptography’ 98, Lecture Notes in Computer Science, vol. 1465, pages 254–274. Springer, Berlin, 1998.

    Chapter  Google Scholar 

  8. R. Braden, L. Zhang, S. Berson, S. Herzog, and S. Jamin. Resource ReSerVation Protocol (RSVP) — Version 1 Functional Specification. Internet RFC 2208, 1997.

    Google Scholar 

  9. M. Calderon, M. Sedano, A. Azcorra, and C. Alonso. The Support of Active Networks for Fuzzy-Tolerant Multicast Applications. IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3):20–28, 1998.

    Google Scholar 

  10. J. Chinitz and S. Sonnenberg. A Transparent Security Framework For TCP/IP and Legacy Applications. Technical report, Intellisoft Corp., August 1996.

    Google Scholar 

  11. Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. REFEREE: Trust Management for Web Applications. In World Wide Web Journal, 2, pages 127–139, 1997.

    Google Scholar 

  12. S. E. Deering. Host extensions for IP multicasting. Internet RFC 1112, 1989.

    Google Scholar 

  13. C. M. Ellison, B. Frantz, R. Rivest, B. M. Thomas, and T. Ylonen. Simple Public Key Certificate. Work in Progress, http://www.pobox.com/~cme/html/spki.html, April 1997.

  14. S. Even, A. Selman, and Y. Yacobi. The Complexity of Promise Problems with Applications to Public-Key Cryptography. Information and Control, 61:159–174, 1984.

    Article  MATH  MathSciNet  Google Scholar 

  15. James Gosling, Bill Joy, and Guy Steele. The Java Language Specification. Addison Wesley, Reading, 1996.

    MATH  Google Scholar 

  16. M. Hicks, P. Kakkar, J. T. Moore, C. A. Gunter, and S. Nettles. PLAN: A Programming Language for Active Networks. Technical Report MS-CIS-98-25, Department of Computer and Information Science, University of Pennsylvania, February 1998.

    Google Scholar 

  17. Angelos D. Keromytis, Matt Blaze, John Ioannidis, and Jonathan M. Smith. Firewalls in Active Networks. Technical Report MS-CIS-98-03, University of Pennsylvania, February 1998.

    Google Scholar 

  18. J. Lacy, J. Snyder, and D. Malier. Music on the Internet and the Intellectual Property Protection Problem. In Proc. of the International Symposium on Industrial Electronics, pages SS77–83. IEEE Press, 1997.

    Google Scholar 

  19. B. Lampson and R. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure. Technical report, MIT, 1997.

    Google Scholar 

  20. Xavier Leroy. The Caml Special Light System (Release 1.10). http://pauillac.inria.fr/ocaml.

  21. R. Levien, L. McCarthy, and M. Blaze. Transparent Internet E-mail Security. http://www.cs.umass.edu/~lmccarth/crypto/papers/email.ps.

  22. S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer. Kerberos authentication and authorization system. Technical report, MIT, December 1987.

    Google Scholar 

  23. George C. Necula. Proof-Carrying Code. In Proceedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 106–119. ACM Press, New York, January 1997.

    Chapter  Google Scholar 

  24. George C. Necula and Peter Lee. Safe Kernel Extensions Without Run-Time Checking. In Second Symposium on Operating System Design and Implementation (OSDI), pages 229–243. Usenix, Seattle, 1996.

    Google Scholar 

  25. C. Partridge and A. Jackson. Smart Packets. Technical report, BBN, 1996. http://www.net-tech.bbn.com-/smtpkts/smtpkts-index.html.

  26. P. Resnick and J. Miller. PICS: Internet Access Controls Without Censorship. Communications of the ACM, pages 87–93, October 1996.

    Google Scholar 

  27. D. Wetherall, U. Legedza, and J. Guttag. Introducing New Internet Services: Why and How. IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3):12–19, 1998.

    Google Scholar 

  28. David J. Wetherall, John Guttag, and David L. Tennenhouse. Ants: A toolkit for building and dynamically deploying network protocols. In IEEE OpenArch Proceedings. IEEE Computer Society Press, Los Alamitos, April 1998.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. AT&T Labs — research, 180 Park Avenue, Florham Park, NJ, 07932, USA

    Matt Blaze, Joan Feigenbaum & John Ioannidis

  2. Distributed Systems Lab CIS Department, University of Pennsylvania, 200 S. 33rd Str., Philadelphia, PA, 19104, USA

    Angelos D. Keromytis

Authors
  1. Matt Blaze
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joan Feigenbaum
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. John Ioannidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Angelos D. Keromytis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Object Systems Group, University of Geneva, CH-1211, Geneva 4, Switzerland

    Jan Vitek

  2. Department of Computer Science, O’Reilly Institute, Trinity College Dublin, Dublin 2, Ireland

    Christian D. Jensen

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D. (1999). The Role of Trust Management in Distributed Systems Security. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_8

Download citation

  • DOI: https://doi.org/10.1007/3-540-48749-2_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation