1 / 10

KeyNote

KeyNote. KeyNote: “?”. Aim:- A notation for specifying local security policies and security credentials that can be sent over an untrusted network. KeyNote: versus PolicyMaker. KeyNote predicate notations are based on C-like expressions and regular expressions.

Mercy
Télécharger la présentation

KeyNote

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. KeyNote

  2. KeyNote: “?” • Aim:- A notation for specifying local security policies and security credentials that can be sent over an untrusted network. Vishwas Patil, TIFR.

  3. KeyNote: versus PolicyMaker • KeyNote predicate notations are based on C-like expressions and regular expressions. • KeyNote assertions always return a boolean. • It has built-in credential signature verification. • Human-readable assertion syntax (RFC 822). • Trusted actions are described by simple attribute/value pair. But it is similar in spirit to that of PolicyMaker! Vishwas Patil, TIFR.

  4. KeyNote: Approach • KeyNote accepts as input a set of local policy assertions, a collection of credential assertions, and a collection of attributes (action environment) that describes a proposed trusted action associated with a set of public-keys. • By applying assertion predicates to the environment it decides consistency of actions with local policy. Vishwas Patil, TIFR.

  5. KeyNote: Architecture • KeyNote is monotonic; adding an assertion to a query can never result in a query's having a lower compliance value that it would have had without the assertion. • Removing an assertion never results in increasing the compliance value returned by KeyNote for a given query. • The monotonicity property can simplify the design and analysis of complex network- based security protocols. Vishwas Patil, TIFR.

  6. KeyNote: Architecture Continued • KeyNote does not itself provide credential revocation services. • KeyNote compliance checker helps in verifying (signature) the credentials received from untrusted requestor. Vishwas Patil, TIFR.

  7. Vishwas Patil, TIFR.

  8. Keynote: Basic Syntax structure • A KeyNote assertion contains a sequence of sections, called fields,each of which specifies one aspect of the assertion's semantics. • Fields start with an identifier at the beginning of a line and continue until the next field is encountered. <Assertion>:: <VersionField>? <AuthField> <LicenseesField>? <LocalConstantsField>? <ConditionsField>? <CommentField>? <SignatureField>? ; [X]* means zero or more repetitions of character string X. [X]+ means one or more repetitions of X. <X>* means zero or more repetitions of non-terminal <X>. <X>+ means one or more repetitions ofX. <X>? means zero or one repetitions ofX. • Nonterminal grammar symbols are enclosed in angle brackets. • Quoted strings in grammar productions represent terminals. • All KeyNote assertions are encoded in ASCII. Vishwas Patil, TIFR.

  9. KeyNote: Semantics • Informally, the semantics of KeyNote evaluation can be thought of as involving the construction of a directed graph of KeyNote assertions rooted at aPOLICYassertion that connects with at least one of the principals that requested the action. • Semantics are almost similar to PolicyMaker. • RFC 2704 gives detailed description of the semantics. Vishwas Patil, TIFR.

  10. KeyNote: Discussion • Advantages / Disadvantages • Evaluation: simplicity, expressiveness, generality, extensibility • Open-Source implementations available. • OpenBSD uses it in IPSEC implementation. • $ man keynote Vishwas Patil, TIFR.

More Related