SlideShare ist ein Scribd-Unternehmen logo

Trust in Distributed Systems

Tyrone Grandison
Tyrone Grandison

A Talk in 2000 on Trust and Trust Management in Distributed Systems

Technologie
1 von 11
1 Trust in Distributed Systems - Tyrone W. A. Grandison Supervisors: Prof Morris Sloman and Dr Naranker Dulay Outline Definition Motivation Properties of trust and trust relationships Trust classification Trust management solutions Future work
2 Definition The contemporary approach My Definition “The firm belief in the reliability, truth and competence of an entity and its transmissions” - Reliable, dependable, honest, secure, competent and timely Attributes that relate to trust: What are trustors and trustees? Motivation The need for a universal way to specify and monitor trust. Remove trust complexity from application layer. Enable E-Commerce. Risk. Domain Navigation.
3 Properties Constraints on trusted actions. I believe that you will find a way to bridge this gap Properties Trust levels. I have to admit that I do trust the manual system more
4 The issue of transitivity. Not symmetrical. A trust relationship can be: Properties One-to-One TR TE Many-to-One TR TE One-to-Many TR TE Many-to-Many TR TE Trust Classification Access to Trustor Resources Tom is trusted to install NT on Server B “The trustor trusts a trustee to use resources that he owns or controls” Resources may be anything from trustor’s services to trustor software environment. Resource Access Trust can be refined into authorisation policies.
5 Trust Classification Provision of Service by the Trustee “The trustor trusts the trustee to provide a service that does not involve access to the trustor’s resources” Forms of Service Provision Trust: Confidence, Competence & Reliability Tom trusts news.com Trust Classification Certification “The trustor trusts the trustee based on certification from a third party about the trustee’s trustworthiness” ME YOU CA Certification is actually a special form of service provision trust.
6 Trust Classification Delegation “The trustor trusts the trustee to make decision(s) on its behalf, with respect to a resource or service that the trustor owns or controls” Micky delegates all decisions concerning his investments to his financial advisor Delegation is also a special form of service provision trust - a trust decision-making service. Trust Classification Infrastructure Trust “The trustor’s trust in its infrastructure” I hope this tight rope holds
7 Trust Management Solutions Current Solutions include: – Public Key Certificates – PICS (Platform for Internet Content Selection) – IBM Trust Establishment Framework – PolicyMaker and KeyNote – REFEREE The problem with current solutions N-Time Solutions - i.e. run once or at the coder’s discretion, do not learn, believe calling applications unconditionally, suggestion-oriented, no monitoring. Trust Management Solutions Public Key Certificates “Who is the owner of this public key? ” A third party vouches for key-name validity.
8 Trust Management Solutions Public Key Certificates Address authentication (public-key-to-name binding), but leaves determination of access rights to application. Two more popular certificate frameworks: PGP and X.509 PGP’s informality is good for email, but not E- Commerce, X.509 may lead to unnatural alliances. Both suffer from expiry problems. Trust Management Solutions PICS A solution to the problem of protecting children from pornography, without compromising freedom of speech. Developed by MIT WWW Consortium. PICS defines standards for format and distribution of labels. PICS doesn’t stipulate a label vocabulary nor state which labels are important. It merely defines standards for stating ratings services and rating systems. There is an associated policy language, PICSRules.
9 Trust Management Solutions A Very Simple PICSRules StatementA PICS Label A PICS Rating Service (PicsRule-1.1 ( Policy (RejectByURL ( “http://*@www.doc.ic.ac.uk*/*” “http://*@www.yahoo.com*/s*” ) ) Policy (AcceptIf “otherwise) ) ) ( (PICS-version1.1) “http://www.doc.worldwide.com/descrip.html” labels on “1998.11.05T08:15-0500” until “1999.09.30T23:34-0000” for “http://www-dse.doc.ic.ac.uk/~per/index.html” by “Tom Green” ratings (rc “a lot”) ) ( category (transmit-as rc) (name “Research Content”) (label (name “very little”) (value 0) (icon “icons/little.gif”) ) (label (name “a lot”) (value 1) (icon “icons/lots.gif”) ) ) ) ( (PICS-version1.1) (rating-system “http://www.doc.worldwide.com/ratings/”) (rating-service “http://www.doc.worldwide.com/descrip.html”) (icon “icons/good.gif”) (name “The Computing Department Rating System”) (description “All about the rating of the pages offered by computing departments all over the world”) PICS Trust Management Solutions PolicyMaker Seeks to solve a problem with public key certificates. “What is a public key authorised to do?” PolicyMaker is a query engine. It accepts local policy, a set of credentials and an action string from a calling application. Policies and credentials are assertions. An assertion is of the form: Source ASSERTS AuthorityStruct WHERE Filter
10 Trust Management Solutions PolicyMaker Examples of assertions: policy ASSERTS doctor_key WHERE filter that allows check-up if the field is not plastic surgery BMA_key ASSERTS “0x12345” WHERE filter that returns “not a plastic surgeon”, if the field is not plastic surgery Policymaker has no standard assertion language. Filters are interpreted programs. Filter language is external to PolicyMaker. Trust Management Solutions PolicyMaker The format of a PolicyMaker query is: key1, key2, key3, ……… REQUESTS ActionString Action strings are application-specific. Example of a query: “0x12345” REQUESTS “do check-up” PolicyMaker tries to prove that the credentials contain a proof that the requested actions(s) compiles with the policy.
11 Future Work Composing Trust Classes Conflict Detection and Resolution resulting from Trust Class Composition Formulation of a generic trust establishment framework Trust Enforcement, Monitoring and Management Implementing a Trust Specification Language Implementing a Trust Management System

Empfohlen

IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET Journal
 
Protecting user data in profile matching social networks
Protecting user data in profile matching social networksProtecting user data in profile matching social networks
Protecting user data in profile matching social networksVenkat Projects
 
NDSS_submission_240
NDSS_submission_240NDSS_submission_240
NDSS_submission_240Sakshi Jain
 
Jw day 10 (unit 3)
Jw day 10 (unit 3)Jw day 10 (unit 3)
Jw day 10 (unit 3)Angala Maria
 
National Parks
National ParksNational Parks
National Parkstpuetz
 
Gerry newe presentation
Gerry newe presentationGerry newe presentation
Gerry newe presentationGreen17Creative
 
News affects the world jacob
News affects the world jacobNews affects the world jacob
News affects the world jacobkingjayo
 
Paychex One Source Solution
Paychex One Source SolutionPaychex One Source Solution
Paychex One Source Solutiontmccarrey
 

Empfohlen

IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...
IRJET- Personalised Privacy-Preserving Social Recommendation based on Ranking...IRJET Journal
 
Protecting user data in profile matching social networks
Protecting user data in profile matching social networksProtecting user data in profile matching social networks
Protecting user data in profile matching social networksVenkat Projects
 
NDSS_submission_240
NDSS_submission_240NDSS_submission_240
NDSS_submission_240Sakshi Jain
 
Jw day 10 (unit 3)
Jw day 10 (unit 3)Jw day 10 (unit 3)
Jw day 10 (unit 3)Angala Maria
 
National Parks
National ParksNational Parks
National Parkstpuetz
 
Gerry newe presentation
Gerry newe presentationGerry newe presentation
Gerry newe presentationGreen17Creative
 
News affects the world jacob
News affects the world jacobNews affects the world jacob
News affects the world jacobkingjayo
 
Paychex One Source Solution
Paychex One Source SolutionPaychex One Source Solution
Paychex One Source Solutiontmccarrey
 
An amazing man
An amazing manAn amazing man
An amazing manthandastuff
 
คอมพิวเตอร์
คอมพิวเตอร์คอมพิวเตอร์
คอมพิวเตอร์deepre
 
幸福..
幸福..幸福..
幸福..tswai
 
คอมพิวเตอร์
คอมพิวเตอร์คอมพิวเตอร์
คอมพิวเตอร์deepre
 
Communication
CommunicationCommunication
Communicationthandastuff
 
One year in e-commerce: 9 things I've learned
One year in e-commerce: 9 things I've learnedOne year in e-commerce: 9 things I've learned
One year in e-commerce: 9 things I've learnedKristof Nizet
 
Are nonusers socially disadvantaged?
Are nonusers socially disadvantaged? Are nonusers socially disadvantaged?
Are nonusers socially disadvantaged? Petr Lupac
 
Just Words day 7
Just Words day 7Just Words day 7
Just Words day 7Angala Maria
 
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...Grial - University of Salamanca
 
SocialNet
SocialNetSocialNet
SocialNetGrial - University of Salamanca
 
Learning services-based technological ecosystems
Learning services-based technological ecosystemsLearning services-based technological ecosystems
Learning services-based technological ecosystemsGrial - University of Salamanca
 
EHISTO - External Newsletter
EHISTO - External NewsletterEHISTO - External Newsletter
EHISTO - External NewsletterGrial - University of Salamanca
 
Library Instruction Session Outline Example
Library Instruction Session Outline ExampleLibrary Instruction Session Outline Example
Library Instruction Session Outline ExampleJulie Anne Kent
 
Sarova Hotels Presentation
Sarova Hotels PresentationSarova Hotels Presentation
Sarova Hotels PresentationSarova Hotels
 
South Korean Women Today
South Korean Women TodaySouth Korean Women Today
South Korean Women TodayKyle
 
Quantity and Quality in University Teaching
Quantity and Quality in University TeachingQuantity and Quality in University Teaching
Quantity and Quality in University Teachingvogmae
 
Cs6703 grid and cloud computing unit 5
Cs6703 grid and cloud computing unit 5Cs6703 grid and cloud computing unit 5
Cs6703 grid and cloud computing unit 5RMK ENGINEERING COLLEGE, CHENNAI
 
7.Trust Management
7.Trust Management7.Trust Management
7.Trust Managementphanleson
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
GRC Dynamics in Securing Cloud
GRC Dynamics in Securing CloudGRC Dynamics in Securing Cloud
GRC Dynamics in Securing CloudNoman Bari PMP,CISSP,CCSP,AWSx4,CISM,CISA
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
 
Rama Mail the only solution that COMPLETELY prevents phishing
Rama Mail the only solution that COMPLETELY prevents phishingRama Mail the only solution that COMPLETELY prevents phishing
Rama Mail the only solution that COMPLETELY prevents phishingHoward Sterling
 

Weitere ähnliche Inhalte

Andere mochten auch

คอมพิวเตอร์
คอมพิวเตอร์คอมพิวเตอร์
คอมพิวเตอร์deepre
 
幸福..
幸福..幸福..
幸福..tswai
 
คอมพิวเตอร์
คอมพิวเตอร์คอมพิวเตอร์
คอมพิวเตอร์deepre
 
One year in e-commerce: 9 things I've learned
One year in e-commerce: 9 things I've learnedOne year in e-commerce: 9 things I've learned
One year in e-commerce: 9 things I've learnedKristof Nizet
 
Are nonusers socially disadvantaged?
Are nonusers socially disadvantaged? Are nonusers socially disadvantaged?
Are nonusers socially disadvantaged? Petr Lupac
 
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...Grial - University of Salamanca
 
Library Instruction Session Outline Example
Library Instruction Session Outline ExampleLibrary Instruction Session Outline Example
Library Instruction Session Outline ExampleJulie Anne Kent
 
Sarova Hotels Presentation
Sarova Hotels PresentationSarova Hotels Presentation
Sarova Hotels PresentationSarova Hotels
 
South Korean Women Today
South Korean Women TodaySouth Korean Women Today
South Korean Women TodayKyle
 
Quantity and Quality in University Teaching
Quantity and Quality in University TeachingQuantity and Quality in University Teaching
Quantity and Quality in University Teachingvogmae
 

Andere mochten auch (16)

An amazing man
An amazing manAn amazing man
An amazing man
 
คอมพิวเตอร์
คอมพิวเตอร์คอมพิวเตอร์
คอมพิวเตอร์
 
幸福..
幸福..幸福..
幸福..
 
คอมพิวเตอร์
คอมพิวเตอร์คอมพิวเตอร์
คอมพิวเตอร์
 
Communication
CommunicationCommunication
Communication
 
One year in e-commerce: 9 things I've learned
One year in e-commerce: 9 things I've learnedOne year in e-commerce: 9 things I've learned
One year in e-commerce: 9 things I've learned
 
Are nonusers socially disadvantaged?
Are nonusers socially disadvantaged? Are nonusers socially disadvantaged?
Are nonusers socially disadvantaged?
 
Just Words day 7
Just Words day 7Just Words day 7
Just Words day 7
 
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
Programa de prácticas en empresas internacionales para el Máster de Sistemas ...
 
SocialNet
SocialNetSocialNet
SocialNet
 
Learning services-based technological ecosystems
Learning services-based technological ecosystemsLearning services-based technological ecosystems
Learning services-based technological ecosystems
 
EHISTO - External Newsletter
EHISTO - External NewsletterEHISTO - External Newsletter
EHISTO - External Newsletter
 
Library Instruction Session Outline Example
Library Instruction Session Outline ExampleLibrary Instruction Session Outline Example
Library Instruction Session Outline Example
 
Sarova Hotels Presentation
Sarova Hotels PresentationSarova Hotels Presentation
Sarova Hotels Presentation
 
South Korean Women Today
South Korean Women TodaySouth Korean Women Today
South Korean Women Today
 
Quantity and Quality in University Teaching
Quantity and Quality in University TeachingQuantity and Quality in University Teaching
Quantity and Quality in University Teaching
 

Ähnlich wie Trust in Distributed Systems

7.Trust Management
7.Trust Management7.Trust Management
7.Trust Managementphanleson
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
 
Rama Mail the only solution that COMPLETELY prevents phishing
Rama Mail the only solution that COMPLETELY prevents phishingRama Mail the only solution that COMPLETELY prevents phishing
Rama Mail the only solution that COMPLETELY prevents phishingHoward Sterling
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the HourTechdemocracy
 
IT Series: Cloud Computing Done Right @One 2011
IT Series: Cloud Computing Done Right @One 2011IT Series: Cloud Computing Done Right @One 2011
IT Series: Cloud Computing Done Right @One 2011Donald E. Hester
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Respect Connect: From Social Login to Personal Cloud Login
Respect Connect: From Social Login to Personal Cloud LoginRespect Connect: From Social Login to Personal Cloud Login
Respect Connect: From Social Login to Personal Cloud Logindrummondreed
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedMatthew Moldvan
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectATMOSPHERE .
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Cyber review-guide
Cyber review-guideCyber review-guide
Cyber review-guideaqazad
 
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...PECB
 
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...OnBoard Security, Inc. - a Qualcomm Company
 

Ähnlich wie Trust in Distributed Systems (20)

Cs6703 grid and cloud computing unit 5
Cs6703 grid and cloud computing unit 5Cs6703 grid and cloud computing unit 5
Cs6703 grid and cloud computing unit 5
 
7.Trust Management
7.Trust Management7.Trust Management
7.Trust Management
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
GRC Dynamics in Securing Cloud
GRC Dynamics in Securing CloudGRC Dynamics in Securing Cloud
GRC Dynamics in Securing Cloud
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think
 
Rama Mail the only solution that COMPLETELY prevents phishing
Rama Mail the only solution that COMPLETELY prevents phishingRama Mail the only solution that COMPLETELY prevents phishing
Rama Mail the only solution that COMPLETELY prevents phishing
 
Unc charlotte prezo2016
Unc charlotte prezo2016Unc charlotte prezo2016
Unc charlotte prezo2016
 
Zero Trust and Data Security
Zero Trust and Data SecurityZero Trust and Data Security
Zero Trust and Data Security
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
 
IT Series: Cloud Computing Done Right @One 2011
IT Series: Cloud Computing Done Right @One 2011IT Series: Cloud Computing Done Right @One 2011
IT Series: Cloud Computing Done Right @One 2011
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
 
Respect Connect: From Social Login to Personal Cloud Login
Respect Connect: From Social Login to Personal Cloud LoginRespect Connect: From Social Login to Personal Cloud Login
Respect Connect: From Social Login to Personal Cloud Login
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE project
 
3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
Cyber review-guide
Cyber review-guideCyber review-guide
Cyber review-guide
 
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...
 
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
 

Mehr von Tyrone Grandison

Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Tyrone Grandison
 
Learning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicLearning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicTyrone Grandison
 
Systemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessSystemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessTyrone Grandison
 
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Tyrone Grandison
 
Using Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodUsing Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodTyrone Grandison
 
How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...Tyrone Grandison
 
DOES innovation Lab Launch
DOES innovation Lab LaunchDOES innovation Lab Launch
DOES innovation Lab LaunchTyrone Grandison
 
Creating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanCreating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanTyrone Grandison
 
Inventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusInventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusTyrone Grandison
 
Becoming a Nation of Innovation
Becoming a Nation of InnovationBecoming a Nation of Innovation
Becoming a Nation of InnovationTyrone Grandison
 
Running Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMERunning Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMETyrone Grandison
 
ISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceTyrone Grandison
 
Building APIs in Government for Social Good
Building APIs in Government for Social GoodBuilding APIs in Government for Social Good
Building APIs in Government for Social GoodTyrone Grandison
 
Strategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationStrategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationTyrone Grandison
 
The Creative Economy within the United States of America
The Creative Economy within the United States of AmericaThe Creative Economy within the United States of America
The Creative Economy within the United States of AmericaTyrone Grandison
 
Enabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsEnabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsTyrone Grandison
 
Creating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeCreating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeTyrone Grandison
 
Security and Privacy in Healthcare
Security and Privacy in HealthcareSecurity and Privacy in Healthcare
Security and Privacy in HealthcareTyrone Grandison
 

Mehr von Tyrone Grandison (20)

Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
 
Learning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicLearning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global Pandemic
 
Systemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessSystemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and Access
 
COVID and the Ederly
COVID and the EderlyCOVID and the Ederly
COVID and the Ederly
 
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
 
Using Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodUsing Data and Computing for the Greater Good
Using Data and Computing for the Greater Good
 
How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...
 
DOES innovation Lab Launch
DOES innovation Lab LaunchDOES innovation Lab Launch
DOES innovation Lab Launch
 
Creating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanCreating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic Plan
 
Inventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusInventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and Focus
 
Becoming a Nation of Innovation
Becoming a Nation of InnovationBecoming a Nation of Innovation
Becoming a Nation of Innovation
 
Running Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMERunning Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHME
 
The Power Of Open
The Power Of OpenThe Power Of Open
The Power Of Open
 
ISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data Service
 
Building APIs in Government for Social Good
Building APIs in Government for Social GoodBuilding APIs in Government for Social Good
Building APIs in Government for Social Good
 
Strategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationStrategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT Modernization
 
The Creative Economy within the United States of America
The Creative Economy within the United States of AmericaThe Creative Economy within the United States of America
The Creative Economy within the United States of America
 
Enabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsEnabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public Collaborations
 
Creating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeCreating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With Purpose
 
Security and Privacy in Healthcare
Security and Privacy in HealthcareSecurity and Privacy in Healthcare
Security and Privacy in Healthcare
 

Kürzlich hochgeladen

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Kürzlich hochgeladen (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Trust in Distributed Systems

  • 1. 1 Trust in Distributed Systems - Tyrone W. A. Grandison Supervisors: Prof Morris Sloman and Dr Naranker Dulay Outline Definition Motivation Properties of trust and trust relationships Trust classification Trust management solutions Future work
  • 2. 2 Definition The contemporary approach My Definition “The firm belief in the reliability, truth and competence of an entity and its transmissions” - Reliable, dependable, honest, secure, competent and timely Attributes that relate to trust: What are trustors and trustees? Motivation The need for a universal way to specify and monitor trust. Remove trust complexity from application layer. Enable E-Commerce. Risk. Domain Navigation.
  • 3. 3 Properties Constraints on trusted actions. I believe that you will find a way to bridge this gap Properties Trust levels. I have to admit that I do trust the manual system more
  • 4. 4 The issue of transitivity. Not symmetrical. A trust relationship can be: Properties One-to-One TR TE Many-to-One TR TE One-to-Many TR TE Many-to-Many TR TE Trust Classification Access to Trustor Resources Tom is trusted to install NT on Server B “The trustor trusts a trustee to use resources that he owns or controls” Resources may be anything from trustor’s services to trustor software environment. Resource Access Trust can be refined into authorisation policies.
  • 5. 5 Trust Classification Provision of Service by the Trustee “The trustor trusts the trustee to provide a service that does not involve access to the trustor’s resources” Forms of Service Provision Trust: Confidence, Competence & Reliability Tom trusts news.com Trust Classification Certification “The trustor trusts the trustee based on certification from a third party about the trustee’s trustworthiness” ME YOU CA Certification is actually a special form of service provision trust.
  • 6. 6 Trust Classification Delegation “The trustor trusts the trustee to make decision(s) on its behalf, with respect to a resource or service that the trustor owns or controls” Micky delegates all decisions concerning his investments to his financial advisor Delegation is also a special form of service provision trust - a trust decision-making service. Trust Classification Infrastructure Trust “The trustor’s trust in its infrastructure” I hope this tight rope holds
  • 7. 7 Trust Management Solutions Current Solutions include: – Public Key Certificates – PICS (Platform for Internet Content Selection) – IBM Trust Establishment Framework – PolicyMaker and KeyNote – REFEREE The problem with current solutions N-Time Solutions - i.e. run once or at the coder’s discretion, do not learn, believe calling applications unconditionally, suggestion-oriented, no monitoring. Trust Management Solutions Public Key Certificates “Who is the owner of this public key? ” A third party vouches for key-name validity.
  • 8. 8 Trust Management Solutions Public Key Certificates Address authentication (public-key-to-name binding), but leaves determination of access rights to application. Two more popular certificate frameworks: PGP and X.509 PGP’s informality is good for email, but not E- Commerce, X.509 may lead to unnatural alliances. Both suffer from expiry problems. Trust Management Solutions PICS A solution to the problem of protecting children from pornography, without compromising freedom of speech. Developed by MIT WWW Consortium. PICS defines standards for format and distribution of labels. PICS doesn’t stipulate a label vocabulary nor state which labels are important. It merely defines standards for stating ratings services and rating systems. There is an associated policy language, PICSRules.
  • 9. 9 Trust Management Solutions A Very Simple PICSRules StatementA PICS Label A PICS Rating Service (PicsRule-1.1 ( Policy (RejectByURL ( “http://*@www.doc.ic.ac.uk*/*” “http://*@www.yahoo.com*/s*” ) ) Policy (AcceptIf “otherwise) ) ) ( (PICS-version1.1) “http://www.doc.worldwide.com/descrip.html” labels on “1998.11.05T08:15-0500” until “1999.09.30T23:34-0000” for “http://www-dse.doc.ic.ac.uk/~per/index.html” by “Tom Green” ratings (rc “a lot”) ) ( category (transmit-as rc) (name “Research Content”) (label (name “very little”) (value 0) (icon “icons/little.gif”) ) (label (name “a lot”) (value 1) (icon “icons/lots.gif”) ) ) ) ( (PICS-version1.1) (rating-system “http://www.doc.worldwide.com/ratings/”) (rating-service “http://www.doc.worldwide.com/descrip.html”) (icon “icons/good.gif”) (name “The Computing Department Rating System”) (description “All about the rating of the pages offered by computing departments all over the world”) PICS Trust Management Solutions PolicyMaker Seeks to solve a problem with public key certificates. “What is a public key authorised to do?” PolicyMaker is a query engine. It accepts local policy, a set of credentials and an action string from a calling application. Policies and credentials are assertions. An assertion is of the form: Source ASSERTS AuthorityStruct WHERE Filter
  • 10. 10 Trust Management Solutions PolicyMaker Examples of assertions: policy ASSERTS doctor_key WHERE filter that allows check-up if the field is not plastic surgery BMA_key ASSERTS “0x12345” WHERE filter that returns “not a plastic surgeon”, if the field is not plastic surgery Policymaker has no standard assertion language. Filters are interpreted programs. Filter language is external to PolicyMaker. Trust Management Solutions PolicyMaker The format of a PolicyMaker query is: key1, key2, key3, ……… REQUESTS ActionString Action strings are application-specific. Example of a query: “0x12345” REQUESTS “do check-up” PolicyMaker tries to prove that the credentials contain a proof that the requested actions(s) compiles with the policy.
  • 11. 11 Future Work Composing Trust Classes Conflict Detection and Resolution resulting from Trust Class Composition Formulation of a generic trust establishment framework Trust Enforcement, Monitoring and Management Implementing a Trust Specification Language Implementing a Trust Management System