KeyNote: Trust Management for Public-Key. 180 Park Avenue. Florham Park, NJ USA.

Similar documents
QCM implementation currently supports denitions in an LDAP database [23] or a at le in a specic format. After L has made these denitions, a QCM evalua

Network Working Group. A. Keromytis U. of Pennsylvania March DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System

CS590U Access Control: Theory and Practice. Lecture 15 (March 1) Overview of Trust Management

Advanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96

Trust Management: An Overview

Category: Informational January 2010 ISSN:

Position Paper. Joan Feigenbaum. AT&T Labs í Research. 180 Park Avenue, Room C203. well-suited to e-commerce.

Delegation Logic: A Logic-based Approach to Distributed Authorization

Distributed Access Control. Trust Management Approach. Characteristics. Another Example. An Example

Computing of Trust in Distributed Networks

Secure Active Network Environment (SANE) Trust, but Verify

Adding SPKI Certificates to JDK 1.2

Policy-directed certificate retrieval

Delegation Logic: A Logic-based Approach to Distributed Authorization

Network Working Group. AT&T Labs - Research A. Keromytis U. of Pennsylvania September 1999

Path-based Access Control for Enterprise Networks

Programming Languages Third Edition

Distributed Trust. John Ioannidis, AT&T Labs Research. Angelos D. Keromytis, Columbia University

Personal Security Agent: KQML-Based PKI. Dept. of Computer Science & Electrical Engineering. Baltimore, MD 21250

Personal Security Agent: KQML-Based PKI. Qi He, Katia P. Sycara. The Robotics Institute. Carnegie Mellon University. Pittsburgh, PA.

Modeling Public Key Infrastructure in the Real World

Logic and Practice of Trust Management

Authorization and Certificates: Are We Pushing When We Should Be Pulling?

Lecture 11 Lecture 11 Nov 5, 2014

Applying decentralized trust management to DNS dynamic updates

Induction and Semantics in Dafny

Datalog with Constraints: A Foundation for Trust Management Languages

Lecture Notes 14 : Public-Key Infrastructure

Role-Based Cascaded Delegation

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

Rule Formats for Nominal Modal Transition Systems

A Delegation Based Model for Distributed Trust

the application rule M : x:a: B N : A M N : (x:a: B) N and the reduction rule (x: A: B) N! Bfx := Ng. Their algorithm is not fully satisfactory in the

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Robust Membership Management for Ad-hoc Groups

An Implementation of a Secure Web Client Using SPKI/SDSI Certicates by Andrew J. Maywah Submitted to the Department of Electrical Engineering and Comp

Leslie Lamport: The Specification Language TLA +

Outline. Modeling Trust in Distributed Systems. Supply Chain Management. Problem. Problems. Ontology. Background. Processing Limitations

ISO/IEC INTERNATIONAL STANDARD

Proceedings of HotOS IX: The 9th Workshop on Hot Topics in Operating Systems

RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update draft-ietf-dkim-rfc4871-errata-03-01dc

A Boolean Expression. Reachability Analysis or Bisimulation. Equation Solver. Boolean. equations.

Authorization in Trust Management: Features and Foundations

XACML Function Annotations

D. Crocker, Ed. Updates: RFC4871 June 10, 2009 (if approved) Intended status: Standards Track Expires: December 12, 2009

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols

Towards Flexible Credential Negotiation Protocols

ISO/IEC INTERNATIONAL STANDARD

core services service installation PLAN packet protocol B

Software Component Relationships. Stephen H. Edwards. Department of Computer Science. Virginia Polytechnic Institute and State University

Certificate chain discovery in SPKI/SDSI

Outlines. Design of A Role -based Trustmanagement. Permission-based (capability-style) What We Mean by Trust- Management? Systems?

A Robust Trust Model for Named-Data Networks

An LCF-Style Interface between HOL and First-Order Logic

Natural Semantics [14] within the Centaur system [6], and the Typol formalism [8] which provides us with executable specications. The outcome of such

Controlling digital multisignature with attribute certificate

On the Diculty of Software Key Escrow. Abstract. At Eurocrypt'95, Desmedt suggested a scheme which allows individuals to encrypt

Advanced Systems Security: Principles

Chapter 1: Key Concepts of Programming and Software Engineering

Advanced Systems Security: Principles

Hong Kong Access Federation (HKAF) Identity Provider Management Standard Version 1.0

Secure Role-Based Workflow Models

Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks

Internet Engineering Task Force (IETF) Category: Experimental Helsinki Institute for Information Technology ISSN: May 2011

Video Services Forum Rules of Procedure

Binary Decision Diagrams

proc {Produce State Out} local State2 Out2 in State2 = State + 1 Out = State Out2 {Produce State2 Out2}

Program Design in PVS. Eindhoven University of Technology. Abstract. Hoare triples (precondition, program, postcondition) have

Supplementary Notes on Abstract Syntax

Linguistics and Philosophy 23: , Is Compositionality Formally Vacuous? Francis Jeffry Pelletier

has developed a specication of portions of the IEEE 854 oating-point standard in PVS [7]. In PVS, the injective function space injection can be dened

Algebraic Properties of CSP Model Operators? Y.C. Law and J.H.M. Lee. The Chinese University of Hong Kong.

AMAPOLA: A SIMPLE INFRASTRUCTURE FOR UBIQUITOUS COMPUTING*

Judith N. Froscher. Charles N. Payne, Jr. Code Naval Research Laboratory. Washington, D.C. October 12, 1992

Using XACML for Privacy Control in SAML-based Identity Federations

ITU-T Y Next generation network evolution phase 1 Overview

Advanced Algorithms and Computational Models (module A)

Statecharts. Chapter Interplay of Statecharts with Prolog

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS

Trust Negotiation Protocol Support for Secure Mobile Network Service Deployment

Expiration Date: August 2003 February Access Control Prefix Router Advertisement Option for IPv6 draft-bellovin-ipv6-accessprefix-01.

Distributed authorization using delegation with acyclic paths

Reconstructing Trust Management

such internal data dependencies can be formally specied. A possible approach to specify

Advanced Systems Security: Principles

CS590U Access Control: Theory and Practice. Lecture 18 (March 10) SDSI Semantics & The RT Family of Role-based Trust-management Languages

CSCI 3155: Principles of Programming Languages Exam preparation #1 2007

OASIS: Architecture, Model and Management of Policy

Semantics via Syntax. f (4) = if define f (x) =2 x + 55.

Certificate Recommendations to Improve the Robustness of Web of Trust

Labels and Information Flow

How to Make a Correct Multiprocess Program Execute Correctly on a Multiprocessor

Operational Semantics 1 / 13

CSC Discrete Math I, Spring Sets

Proxy Blind Signature Scheme

Managing Access Control in Large Scale Heterogeneous Networks

Formal Verification. Lecture 10

Chapter 3. Describing Syntax and Semantics ISBN

(b) extended UML state machine diagram. (a) UML state machine diagram. tr D2 tr D1 D2 D1 D2

Trust Management in Wireless Networks

Transcription:

KeyNote: Trust Management for Public-Key Infrastructures Matt Blaze 1 Joan Feigenbaum 1 Angelos D. Keromytis 2 1 AT&T Labs { Research 180 Park Avenue Florham Park, NJ 07932 USA fmab,jfg@research.att.com 2 Distributed Systems Lab CIS Department, University of Pennsylvania 200 S. 33rd Str., Philadelphia, PA 19104 USA angelos@dsl.cis.upenn.edu Abstract. This paper discusses the rationale for designing a simple trust-management system for public-key infrastructures, called KeyNote. The motivating principles are expressiveness, simplicity, and extensibility. We believe that none of the existing public-key infrastructure proposals provide as good a combination of these three factors. 1 Introduction Trust management, introduced in the PolicyMaker system [2], is a unied approach to specifying and interpreting security policies, credentials, and relationships that allows direct authorization of security-critical actions. Security credentials (which subsume the role of \certicates") describe a specic delegation of trust among public keys; unlike traditional certicates, which bind keys to names, trust-management credentials bind keys to the authorization to perform specic tasks. KeyNote provides a simple notation for specifying both local security policies and security credentials that can be sent over an untrusted network. Policies and credentials, called \assertions," contain predicates that describe the trusted actions permitted by the holders of specic public keys. A signed assertion that can be sent over an untrusted network is called a Credential Assertion. Credential assertions, which subsume the role of certicates, have the same syntax as policy assertions with the additional feature that they are signed by the entity delegating the trust. A KeyNote evaluator accepts as input a set of local policy assertions, a collection of credential assertions, and a collection of attributes, called an \action environment," that describes a proposed trusted action associated with a set of public keys. KeyNote determines whether proposed actions are consistent with local policy by applying the assertion predicates to the action environment. Although the basic design of KeyNote [1] is similar in spirit to that of Policy- Maker, KeyNote's features have been simplied to more directly support public-

key infrastructure-like applications. The central dierences between PolicyMaker and KeyNote are: { KeyNote predicates are written in a simple notation based on C-like expressions and regular expressions. { KeyNote assertions always return a boolean (authorized or not) answer. { Credential signature verication is built in to the KeyNote system. { Assertion syntax is based on a human-readable \RFC-822"-style syntax. { Trusted actions are described by simple attribute/value pairs. SPKI/SDSI [4] also essentially attempts to do trust-management for publickey infrastructures. We believe that KeyNote provides a better solution, because it was designed to be simpler, more extensible, and more expressive than SPKI (and certainly than X.509 [7]). In the following sections, we expand on these three design principles. 2 Simplicity Simplicity in the design of KeyNote manifests itself in various aspects of the system: { Narrow focus. KeyNote aims to provide a common, application-independent mechanism for use with application-specic credentials and policies. Each application (or class of applications) will develop its own set of attributes, with applicationspecic credentials and policies created to operate on them. Other approaches include name-based schemes (such as X.509 [7]), in which the infrastructure aims to provide a common application-independent certicate with each application left to develop its own mechanism to interpret the security semantics of the name, and SPKI/SDSI [4], which attempts to provide both an authorization and a naming mechanism. Both systems are unnecessarily large and complex (because secure naming and authorization are orthogonal). { Easily describable system. The basic KeyNote document [1] is 15 pages long, including an extensive examples section. We believe that such a compact document makes the system easy to understand. Constrast this size with other systems' documentation (especially those produced by committees!) { Easy to understand and create assertions. The KeyNote assertion format is human-readabled, ASCII-based. Furthermore, the notation used to describe the trusted actions is based on C-like expressions (arithmetic, string, and boolean operations), which is widely known and used. Although we intend to provide an easy-to-use graphical user interface, it is possible to write a KeyNote assertion using just a text editor (except for the signature of course).

{ Easy to implement. Our reference implementation is less than 1500 lines of C and lex/yacc speci- cation and was written with readalibity in mind. The small code size argues for robust and relatively bug-free implementations. The same cannot be said of all other schemes. 3 Expressiveness The KeyNote language is designed to make it easy to express and evaluate the kinds of policies and trust delegations that occur in \public-key infrastructure" applications. KeyNote syntax is minimal and reects the system's focus on delegation of authority. The basic element of KeyNote programming is the assertion. Assertions are the mechanism by which a key (or collection of keys) is authorized to perform various trusted actions. Assertions are used to specify local policy. The same assertion syntax is also used to provide signed credentials in which one party defers authorization to another. Thus security policies and credentials share a common syntax, and policy can be used as a credential simply by signing it. Assertions are written independently from one another and are essentially autonomous programs that do not communicate directly with one another or depend on other assertions or externally-dened data structures. Assertions are designed to be easy for humans and computers to write and understand. In particular, simple authorizations have simple syntax, and it is usually easy to determine what an assertion does simply by reading it. The function of an assertion is to allow an entity to authorize another entity to perform specic trusted actions. An assertion is divided into sections that reect the logical components of such an authorization. One section identies the authorizer (either local policy or, in the case of credentials, the key that signed it). Another section, the \key predicate," describes the key or collection of keys being authorized. Finally, the \action predicate" describes the action being authorized. Assertions are designed to require only minimal computation to evaluate. Key predicates and authorization predicates are based on simple C-like expressions that match against action environment attributes. In particular, there are no loops or function calls, and an assertion can be parsed in a single pass. The expression semantics are rich enough to allow complex regular expression matching and numeric evaluation but constrained enough to allow a KeyNote evaluator to be built into embedded applications or operation system kernels. Our design philosophy for KeyNote thus departs from that of PolicyMaker, in which assertions can be arbitrary programs. PolicyMaker is designed to provide a general trust-management framework across a wide range of applications, at some expense of eciency. KeyNote, on the other hand, provides somewhat simpler syntax and semantics, aimed specically for building public-key infrastructure applications, at some expense of generality.

4 Extensibility Two important components of a trust-management system are the assertion syntax and the compliance-checking algorithm. (Recall that \compliance checking" is the process of deciding whether a set of credential assertions prove that a request complies with a policy assertion.) In the PolicyMaker trust-management system [2, 3], both the assertion syntax and the compliance-checking algorithm are proper generalizations of the corresponding components of KeyNote. This implies that KeyNote is highly extensible; indeed, its natural extension has already been implemented. An application that needs more general assertions than KeyNote provides can easily upgrade its trust-management engine: It can switch from using the KeyNote compliance checker to using the PolicyMaker compliance checker, write its new, more general assertions in PolicyMaker, and continue to use its old KeyNote assertions, because they are compatible with PolicyMaker assertions and can be processed by the PolicyMaker compliance checker. The PolicyMaker notion of \proof of compliance" is beyond the scope of this paper; it is discussed in full detail in [3]. Here we briey explain one way in which PolicyMaker assertions generalize KeyNote assertions and why this generalization might be useful. A PolicyMaker assertion is a pair (fi; si). The \source" si is basically identical to the KeyNote SIGNER eld. The function fi is a general program that may be written in any language that can be \safely" interpreted within the trust-management environment; in particular, fi may be a KeyNote assertion. Rather than simply returning TRUE or FALSE, Policy- Maker assertions produce sets of \acceptance records." A record has the form (i; si; Rij) and means that \assertion number i, issued by source si, approves action string Rij." The action string may be the request that was fed to the trust-management system by the calling application, or it may be some related action-string that makes sense in the context of this attempted proof of compliance. Each time it is executed during an attempted proof, an assertion receives as input all of the acceptance records that have been approved so far by the policy assertion (f 0 ; POLICY) or by any of the credential assertions (f 1 ; s 1 ), : : :, (fn?1; sn?1). Such non-boolean assertions are useful in several standard trustmanagement constructions, including those that require explicit control over \delegation depth." See [3, Section 3] for more details. Ellison et al. note that some applications may require more expressive power than the SPKI/SDSI certication framework provides, and they suggest the use of PolicyMaker to achieve this additional power. More precisely, [5, Section 7.3] contains the following suggestion: \For any trust policy which the full SPKI 5- tuple reduction can not express, one must write a policy interpretation program and PolicyMaker provides a language and body of examples for that purpose. The result of the PolicyMaker execution can be a 5-tuple to be used within an SPKI 5-tuple reduction." The observation that a PolicyMaker assertion may produce an acceptance record whose action string Rij encodes a SPKI 5-tuple is a good one, and this may indeed be a reasonable way to extend SPKI. However, the precise relationship between the PolicyMaker denition of \proof of compliance" and the denition given by SPKI 5-tuple reduction has not yet

been formally analyzed. (This is a potentially interesting direction for further research.) Thus we cannot formally characterize the additional power that this use of PolicyMaker would bring to the SPKI/SDSI framework or assess the ease with which such an extension could be implemented. 5 Conclusions We have presented the design principles for KeyNote and contrasted our design with other existing proposals. We believe that the combination of simplicity, expressiveness, and extensibility makes KeyNote well-suited for trust-management in public-key infrastructure. For more information about KeyNote, please read the Internet Draft [1]. References 1. M. Blaze, J. Feigenbaum, and A. D. Keromytis, \The KeyNote Trust Management System," work in progress. Internet Draft, April 1998, http://www.cis.upenn.edu/~angelos/draft-angelos-spki-keynote.txt.gz. 2. M. Blaze, J. Feigenbaum, and J. Lacy, \Decentralized Trust Management," in Proceedings of the 17th Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, 1996, pp. 164{173. 3. M. Blaze, J. Feigenbaum, and M. Strauss, \Compliance Checking in the PolicyMaker Trust Management System," in Proceedings of the 2nd Financial Crypto Conference, Lecture Notes in Computer Science, Springer, Berlin, 1998, to appear. Available in preprint form as AT&T Technical Report 98.3.2, http://www.research.att.com/library/trs/trs/98/98.3/98.3.2.body.ps. 4. C. Ellison, A Simple Public-Key Infrastructure, http://www.clark.net/pub/cme/html/spki.html. 5. C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, \SPKI Certicate Theory," http://www.clark.net/pub/cme/theory.txt 6. R. Rivest and B. Lampson, SDSI: A Simple Distributed Security Infrastructure, http://theory.lcs.mit.edu/~rivest/sdsi11.html. 7. Consultation Committee, X.509: The Directory Authentication Framework, International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback