
1999 | OriginalPaper | Chapter

The Role of Trust Management in Distributed Systems Security

Authors: Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis

Published in: Secure Internet Programming

Publisher: Springer Berlin Heidelberg


Existing authorization mechanisms fail to provide powerful and robust tools for handling security at the scale necessary for today’s Internet. These mechanisms are coming under increasing strain from the development and deployment of systems that increase the programmability of the Internet. Moreover, this “increased flexibility through programmability” trend seems to be accelerating with the advent of proposals such as Active Networking and Mobile Agents.

The trust-management approach to distributed-system security was developed as an answer to the inadequacy of traditional authorization mechanisms. Trust-management engines avoid the need to resolve “identities” in an authorization decision. Instead, they express privileges and restrictions in a programming language. This allows for increased flexibility and expressibility, as well as standardization of modern, scalable security mechanisms. Further advantages of the trust-management approach include proofs that requested transactions comply with local policies and system architectures that encourage developers and administrators to consider an application’s security policy carefully and specify it explicitly.

In this paper, we examine existing authorization mechanisms and their inadequacies. We introduce the concept of trust management, explain its basic principles, and describe some existing trust-management engines, including PolicyMaker and KeyNote. We also report on our experience using trust-management engines in several distributed-system applications.

Metadata
Title: The Role of Trust Management in Distributed Systems Security
Authors: Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis
Copyright Year: 1999
Publisher: Springer Berlin Heidelberg
DOI: https://doi.org/10.1007/3-540-48749-2_8
