Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos...
Click here to load reader
Embed Size (px)
Transcript of Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos...
Trust-X: A Peer-to-Peer Framework for Trust EstablishmentElisa Bertino, et.al.
Presented by:Carlos Caicedo
IntroductionTrust establishment via trust negotiationExchange of digital credentialsCredential exchange has to be protectedPolicies for credential disclosureClaim: Current approaches to trust negotiation dont provide a comprehensive solution that takes into account all phases of the negotiation process
Trust Negotiation modelClientServerPolicy BaseResource requestPoliciesPoliciesResource grantedCredentialsCredentials
Trust-XXML-based systemDesigned for a peer-to-peer environmentBoth parties are equally responsible for negotiation management.Either party can act as a requester or a controller of a resourceX-TNL: XML based language for specifying certificates and policies
Trust-X (2)Certificates: They are of two typesCredentials: States personal characteristics of its owner and is certified by a CADeclarations: collect personal information about its owner that does not need to be certifiedTrust tickets (X-TNL)Used to speed up negotiations for a resource when access was granted in a previous negotiationSupport for policy pre-conditionsNegotiation conducted in phases
Trust-X (3)a) Credential b) Declaration
The basic Trust-X system
Message exchange in a Trust-X negotiationBobPrerequisite acknowledgeMatch disclosurepoliciesAliceRequest Service request Credential and/or DeclarationDisclosure policies Service grantedDisclosure policies Credential and/or Declaration
Disclosure PoliciesThey state the conditions under which a resource can be released during a negotiationPrerequisites associated to a policy, its a set of alternative disclosure policies that must be satisfied before the disclosure of the policy they refer to.
Modeling negotiation:logic formalism P() credential typeC set of conditionsRP1(c), P2(c)Policy expressed asDisclosure policies are expressed in terms of logical expressions which can specify either simple or composite conditions against certificates.Slide from: http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt
ExampleConsider a Rental Car service. The service is free for the employees of Corrier company. Moreover, the Company already knows Corrier employees and has a digital copy of their driving licenses. Thus, it only asks the employees for the company badge and a valid copy of the ID card, to double check the ownership of the badge. By contrast, rental service is available on payment for unknown requesters, who have to submit first a digital copy of their driving licence and then a valid credit card. These requirements can be formalized as follows:
Negotiation TreeUsed in the policy evaluation phaseMaintains the progress of a negotiationUsed to identify at least a possible trust sequence that can lead to success in a negotiation (a view)
Negotiation Tree (2)
Comparison of Trust Negotiation Systems
Credentials contain sensitive infoPolicies specify which credentials must be received before the requested credential can be revealedThe system is composed of a Policy Base, storing disclosure policies, the X-Profile associated with the party,a Tree Manager, storing the state of the negotiation, and aCompliance Checker, to test policy satisfaction and determine request replies.
Client e Server sono dotati di unarchitettura per mantenere sotto controllo il processo di negoziazione in Trust-X che cosi composta:il Policy DataBase dove risiedono le politiche di rilascioUn X-Profile che contiene i certificati che ha a disposizione lentit Un Tree Manager dove viene memorizzato lo stato della negoziazioneUn Compliance Checker che determina sia la soddisfacibilit delle politiche di rilascio che le richieste verso al controparte attra.Il compito principale di tali moduli di supportare la negoziazione tramite lo scambio di politiche e eventualmente di credenziali e risorse sensibili.
Once a trust sequence has been determined the credential exchange phase is actually executed. Each time a credential is received, the local compliance checker module checks local policy satisfaction and verifies at runtime the validity and ownership of the remote credentials. Una slide per lalberoPolicy pol2 requires the driving license of the requesterand is a precondition to proceed on the rental process.Intuitively, there is no reason to ask for a credit card ifthe requester cannot drive a car. Thus, pol3 can bedisclosed whether policy pol2 specified in its preconditionset is satisfied. The resource is thus deliverable (pol4)when either policy pol3 or pol1 are satisfied.
Edges in tree are policiesNodes are terms. A term is an expression of the following forms.Expressions of the form P (C ) where P is a Trust-X certificate and C is a possibly empty list of policy conditionsX(C ) : where X is a variable and C is a nonempty list of policy conditionsTrust builder does not have any facility to speed up negotiation whenever possible. Also, it does not have the notion of sequence caching