1 / 19

An Introduction to Decentralized Trust Management

An Introduction to Decentralized Trust Management. Sandro Etalle University of Twente thanks to William H. Winsborough – University of Texas S. Antonio. The DTM team of the UT (Ha, Marcin, Jeroen Jerry). Overview. Reputation-based trust management Rule-based trust management

monifa
Télécharger la présentation

An Introduction to Decentralized Trust Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Introduction to Decentralized Trust Management Sandro Etalle University of Twente thanks to William H. Winsborough – University of Texas S. Antonio. The DTM team of the UT (Ha, Marcin, Jeroen Jerry)

  2. Overview • Reputation-based trust management • Rule-based trust management • Problems & Challenges (rule-based systems) • scalability & chain discovery • trust negotiation • integrity constraints • Conclusions Etalle: Decentralized Trust Management.

  3. Reputation-based TM concrete • community of cooks (200 people) • need to interact with someone you don’t know, • to extablish trust: • you ask your friends • and friends of friends • ... • some recommendations are better than other • you check the record (if any) • after success trust increases reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  4. Reputation-based TM virtual • p2p community of hackers (2000 people) • exchange programs & scripts • need to interact with someone you don’t know, • ... • difference with concrete community: • larger, faster • trust establishment has to be to some extent automatic reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  5. for instance reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  6. challenges • trust metrics • how to model and compute trust • evaluating initial trust value • combining evidences, recommendations, reputation • management of reputation data • secure & efficient retrieval of reputation data • automating trust based decision • closing the circle: using experience as feedback reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  7. Reputation-based TM: salient features • open system (different security domains) • trust is a measure & changes in time • risk-based • recommendation based (NOT identity-based) • peers are not continuously available • Some systems: • PGP, • EigenTrust Algorithm (Stanford) reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  8. rule-based TM: concrete example reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  9. rule-based tm, virtual • scalability reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  10. RT: a language for rule-based tm • family of languages [Li, Mitchell, Winsborough] • four types of credentials • EPub.discount Alice • EPub.discount UTwente.student • EPub.discount FAB.accredited.student • EPub.discount UTwente.student  UTwente.student principal role name principal.rolename = Role trusting principal trusted principal (somewhere else: delegation) attribute-based delegation reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  11. some language requirements • [Bertino] • Monotonicity • Constraints (omitted) • Credential combination • Sensitive Policies reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  12. open system (different security domains) trust is a measure & changes in time risk-based recommendation based (NOT identity-based) peers are not continuously available Some systems: PGP TBD open system (different security domains) trust is boolean & less time-dependent no risk rule (credential) based (NOT identity-based) peers are not continuously available Some systems: keynote, Trust-X Reputation vs rule based TM reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  13. Problem 1: scalability • attribute-based delegation: • accepting student ID from any university • EPub.discount  FAB.accred.student • FAB.accredited  UnivTwente • UnivTwente.student  Alice • Credential chain proves authorization. • Scalability problem reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  14. Problem 2: trust negotiations • credentials can be confidential • credential disclosure is a matter of... trust • three strategies [Seamons] • Naive • Reasonable • Informed • additional problem: what do you do with the info in a credential after it has been disclosed reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  15. Problem 3: control • Policies change in time: P  P1  ...  Pn • A principal controls only a portion of the policy • Delegating trust implies an understanding between principals, • Trusted principals need assistance • Who could get access to what? (Safety) • Who could be denied? (Availability) • “No-one should ever be both a buyer and an accountant” • Mutual Exclusion reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  16. Conclusions • Context: • 2 or more parties in an open system. • parties are not in the same security domain. • Goal • establish trust between parties to exchange information and services (access control) • Constraint • access control decision is made • NOT according to the party identity • BUT according to the credentials it has reputation-based TM – rule-based TM – problems & challenges - conclusions Etalle: Decentralized Trust Management.

  17. Analysis safety analysis we are now working with Spin in RT0, for RTC (with constraints) nothing is available of negotiations protocols w.r.t. the TM goals. Integration with other systems e.g. privacy protection location-dependent policies ambient calculi? DRM Semantics is not correct when considering: chain discovery negotiations is not modular certainly possible to improve this using previous work on omega-semantics. Types Open problems Etalle: Decentralized Trust Management.

  18. Integrity Constraints: General Form • General: L.l ⊒ R.r • Formally, L.l ⊒ R.r holds in P (P ⊢ L.l ⊒ R.r) iff [[L.l]]P [[R.r]]P • sets and intersections are allowed • Special cases • Membership: A.r ⊒ { D1, …, Dn } • Boundedness: { D1, …, Dn }⊒ A.r • expressiveness is limited (it is a universal formula) but we can express all safety properties of [LWM03] • counterexample: at least a manager should have access to the DB Etalle: Decentralized Trust Management.

  19. Examples • buyers and accountants should be disjoint •  ⊒ A.buyer  A.accountant • every employee should have access to the WLAN network • WLAN.access ⊒ UT.employee • welders of BOVAG-accredited workshops should be fellows of the British Institute of Welding • Bovag.welder  Bovag.accr.welder • Bovag.accr  PietersWorkshop • PietersWorkshop.welder  Pieter • BIW.fellow ⊒ Bovag.welder Etalle: Decentralized Trust Management.

More Related