Research On Credential-Based Trust Management

Posted on: 2010-04-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X H Geng
Full Text: PDF
GTID: 1118360278452573
Subject: Computer application technology
Abstract/Summary:
With the rapid development of information technology, the Internet environment has evolved from a static, closed network oriented to particular organizations into a dynamic, publicly accessible open network oriented to a mass of users. Hence, various services are required to make authorization judgments in this environment. As a typical large-scale distributed network, the Internet has more entities than the earlier centralized networks. Those entities do not know each other beforehand, and there is no unified authority that all of the entities can trust. Therefore, many traditional systems that support security in network applications, such as X.509 and PGP, cannot satisfy the requirement. Presented by M. Blaze, J. Feigenbaum and J. Lacy in 1997, trust management is independent of any particular application or service. Policies, credentials and trust relationships are expressed and interpreted in the same way. Unlike other access control mechanisms, trust management makes decisions based on credentials rather than the requestor's identity.

The models of trust management can be classified into two categories, credential-based and evidence-based. In the former, trust relationships are mainly established by credentials, whereas in the latter they are evaluated according to past interaction experience. This dissertation focuses on credential-based trust management, and the main contributions are as follows.

(1) Compliance-checking is a core problem in trust management. A reasonable distributed credential storage scheme is proposed in this dissertation. Each credential is stored in one place and all the credentials are subject-traces-all. Based on this scheme, a distributed credential chain discovery algorithm for SPKI/SDSI2.0 is put forward. Unlike other algorithms, it does not need to reduce credentials or compute the name-reduction closure of a set of credentials. The algorithm searches all the name credentials for one entity, and subsequently looks for the authorization credentials to all those name credentials. Finally, the algorithm uses depth-first search to determine whether there exists a chain from Self to the requestor. The algorithm is goal-directed, and it can automatically gather the relevant name and authorization credentials that are needed. Moreover, it resolves the problem of delegation depth elegantly.

(2) SPKI/SDSI2.0 is a popular trust management system at present, and each entity in it can issue policy statements. A set of SPKI/SDSI2.0 credentials forms a state of the system. In a given state, many important properties need to be known and analyzed, for example, who in the system is granted a specific right. When the number of credentials becomes huge, a special algorithm is required to answer those questions. However, previous algorithms only investigate problems about authorization and neglect policy analysis involving names. Moreover, the efficiency of those algorithms is not high. In this dissertation, an efficient policy analysis algorithm for SPKI/SDSI2.0 is presented. Substantially expanding the scope of policy analysis, it can analyze not only properties about authorization and names but also integrated properties. Logic programs are obtained by translating each policy statement into Datalog clauses. The minimal Herbrand model of the Datalog program is used as the program's semantics, and it can be evaluated in polynomial time. In addition, the soundness of the semantics is proved.

(3) A safety analysis model for SPKI/SDSI2.0, based on a logic method, is defined. Through a comprehensive analysis of the security properties of SPKI/SDSI2.0, we conclude that simple safety is decidable in polynomial time and that the safety of SPKI/SDSI2.0 relies only on trusted entities. Specifically, a compliance-checking mechanism for SPKI/SDSI2.0 with constraint checking is presented to enhance the owner's degree of control over the resource. This mechanism, which is simple, flexible and easy to implement, can greatly improve the security of distributed access control.

(4) In the role-based trust management framework (RT), entities may be authorized according to their properties, so it is an effective way to build trust relationships dynamically between strangers in a large, open distributed environment. However, when making authorization decisions RT considers only the properties of entities and ignores the state of the platforms on which the entities are operating. An "irresponsible" platform may obviously pose a threat to system security. To address the problem, this dissertation presents a role-based trust management system on the trusted computing platform. The credentials, security policy and compliance-checking are discussed, and the usage of the system is illustrated through a typical example.
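The chain search described in contribution (1), as an added Python illustration that is not taken from the dissertation: name credentials are resolved to keys, then a depth-first search looks for a chain of authorization credentials from Self to the requestor. It assumes all credentials sit in one local list rather than in distributed storage; the tuple layout, the key names and the integer delegation depth are assumptions of this example.

```python
# Added illustration (not the dissertation's algorithm). Credential layout,
# key names and the integer delegation depth are assumptions of this example.
# A subject term is (key, name1, name2, ...); a bare key is (key,).
NAME_CERTS = [  # (issuer, local name, subject term) -- constructed sample
    ("K_self", "staff", ("K_hr", "employees")),
    ("K_hr", "employees", ("K_alice",)),
    ("K_hr", "employees", ("K_bob",)),
]
AUTH_CERTS = [  # (issuer, subject term, rights, depth) -- constructed sample
    ("K_self", ("K_self", "staff"), frozenset({"read"}), 1),
    ("K_alice", ("K_carol",), frozenset({"read"}), 1),
    ("K_carol", ("K_dave",), frozenset({"read"}), 0),
]

def resolve(term, name_certs, stack=()):
    """Return the set of keys that a subject term denotes."""
    key, *names = term
    if not names:
        return {key}
    head = (key, names[0])
    if head in stack:              # cyclic name definition: adds no new keys
        return set()
    firsts = set()
    for issuer, local, subject in name_certs:
        if (issuer, local) == head:
            firsts |= resolve(subject, name_certs, stack + (head,))
    keys = set()
    for k in firsts:               # resolve the remaining names under each key
        keys |= resolve((k, *names[1:]), name_certs, stack)
    return keys

def find_chain(holder, requestor, right, name_certs, auth_certs,
               budget=None, path=frozenset()):
    """Depth-first search for a chain of authorization credentials from
    holder to requestor; returns the chain as a list, or None."""
    for cert in auth_certs:
        issuer, subject, rights, depth = cert
        if issuer != holder or right not in rights:
            continue
        if budget is not None:     # an inherited limit can only tighten
            depth = min(depth, budget - 1)
        keys = resolve(subject, name_certs)
        if requestor in keys:
            return [cert]
        if depth > 0:              # subject may delegate further
            for k in sorted(keys - path - {holder}):
                rest = find_chain(k, requestor, right, name_certs,
                                  auth_certs, depth, path | {holder})
                if rest:
                    return [cert] + rest
    return None
```

In the constructed data, K_carol is reached through K_alice's single permitted re-delegation, while K_dave is refused because the depth granted by K_self is already used up.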
Keywords/Search Tags: trust management, credential, SPKI/SDSI2.0, credentials chain, security, constraint, compliance-checking, role-based trust management framework, trusted computing platform