					                    First Internal iTrust Workshop
                          On Trust Management
                       In Dynamic Open Systems
                            September 2-4, 2002-07-17

                     University of Strathclyde, Glasgow, UK

                   Session on Architectures for Trust
 1.    E. Bertino, U. Milano
 2.    J. Bicarregui, CLRC
 3.    S. Cerri, LIRMM
 4.    E. Crespo, SGI
 5.    D. Chadwick, U. Salford
 6.    T. Dimitrakos, CLRC
 7.    N. Dulay, Imperial College (?)
 8.    P. Herrmann, U. Dortmund
 9.    V. Issarny (Leader), INRIA
 10.   C. Jensen, Trinity College
 11.   P. Kearney, BT
 12.   G. Klyne, Nine by Nine
 13.   E. Lupu, Imperial College
 14.   M. Marazakis (Rapporteur), Plefsis
 15.   B. Matthews, CLRC
 16.   G. Navarro, U. Autonoma de Barcelona
 17.   D. Raptis, INTRACOM
 18.   B. Ritchie, CLRC
 19.   S. Robles, U. Autonoma de Barcelona
 20.   B. Sadighi, SICS
 21.   S. Shiu, HP Labs
 22.   M. Sloman, Imperial College
 23.   S. Terzis, U. Strathclyde

The session is organized into 6 sub-sessions where for each sub-session: 2 to 3 talks of
10’ each and general discussion/questions with the contributors of 15’.
Session 1 – Monday, September 2nd, 13:30-16:35

      Introduction (5’), V. Issarny
      Specification (45’: 3x10’ talks + 15’ discussion)
          o The Ponder policy specification language, N. Dulay or E. Lupu
          o Trust and the Semantic Web, B. Matthews
          o Secure and selective dissemination of XML data in the Author-X system,
              E. Bertino
      Analysis (45’: 3x10’ talks + 15’ discussion)
          o Specifying and analysing trust for Internet Applications, M. Sloman
          o A framework for decentralised privilege management, B. Sadighi
          o Using simulation to explore trust life-cycle issues, S. Terzis
      Certification (45’: 3x10’ talks + 15’ discussion)
          o Issues in public key infrastructures for e-Business, D. Raptis
          o Open points and relational troubles of trusted third parties, E. Crespo
          o Trust services: a multi-disciplinary research program, S. Shiu
      Components for Trust-based Architectures (45’: 3x10’ talks + 15’ discussion)
          o Components of trust-based architectures, D. Chadwick
          o Standardizing a trust framework, G. Klyne
          o Trust-based security policy enforcement of software components, P.

Session 2 – Tuesday, September 3rd, 11:15-12:30
      Agent-based architectures (30’: 2x10’ talks + 10’ discussion)
          o MARISM-A: bringing trust and mobile agents together, S. Robles
          o When in doubt, neither think or compute, just ask: agent’s interaction on
              the Web, S. Cerri
      Applications (30’: 2x10’ talks + 10’ discussion)
          o B2B trust service provider: concept demonstrator, P. Kearney
          o Building trust on the grid: trust issues underpinning large dynamic virtual
              organisations, T. Dimitrakos
      Closing (15’), V. Issarny

The Ponder Policy Specification Language
Naranker Dulay, Emil Lupu, Morris Sloman
Department of Computing, Imperial College
      Abstract. The Ponder language provides a common means of specifying security
      policies that map onto various access control implementation mechanisms for
      firewalls, operating systems, databases and Java. It supports obligation policies
      that are event triggered condition-action rules for policy based management of
       networks and distributed systems. Ponder can also be used for security
       management activities such as registration of users or logging and auditing events
       for dealing with access to critical resources or security violations. Key concepts of
       the language include roles to group policies relating to a position in an
       organisation, relationships to define interactions between roles and management
       structures to define a configuration of roles and relationships pertaining to an
       organisational unit such as a department. These reusable composite policy
       specifications cater for the complexity of large enterprise information systems.
       Ponder is declarative, strongly-typed and object-oriented which makes the
       language flexible, extensible and adaptable to a wide range of management

Trust and the Semantic Web
Brian Matthews
      Abstract: The Semantic Web initiative of the World-Wide Web Consortium
      (W3C) aims to augment the existing Web architecture by adding communicable
      information about resources which can then be processed by automated agents.
      While this initiative has attracted much interest in the last few years, practical
      applications have as yet been slow to appear. In this talk I shall introduce a new
      European project: Semantic Web Advanced Development in Europe (SWAD-
      Europe). This project aims to provide practical examples of where real value can
      be added to the Web through the semantic web. A class of information which can
      be added to resources on the web is trust information; indeed this is a key area
      where the Semantic Web can add real value. A part of the SWAD-Europe project
      is concerned with the use of the Semantic Web to express, interchange and
      process trust statements. I shall discuss the initial aims and ideas on how the
      Semantic Web could be used to express and implement trust statements, policies
      and their implementation.

Secure and Selective Dissemination of XML Data in the Author-X
Elisa Bertino
       Abstract: XML has emerged as a relevant standard for data representation and
       exchange on the Web. It is often the case that XML data contain information of
       different sensitivity degrees which must be selectively shared by (possibly large)
       user communities. There is thus the need for models and mechanisms enabling the
       specification and enforcement of access control policies for XML. Mechanisms
       are also required enabling a secure and selective dissemination of documents to
       users, according to the authorizations that these users have, as well as mechanisms
       for secure cooperative updates. In this talk, we will describe solutions adopted by
       the Author-X system to those issues and outline current research directions.

Specifying and Analysing Trust for Internet Applications
Tyrone Grandison, Morris Sloman
Department of Computing, Imperial College
      Abstract: The Internet is now being used for commercial, social and
      educational interactions, which previously relied on direct face-to-face contact in
      order to establish trust relationships. Thus, there is a need to be able to establish
      and evaluate trust relationships relying only on electronic interactions over the
      Internet. A trust framework for Internet applications should incorporate concepts
      such as experience, reputation and trusting propensity in order to specify and
      evaluate trust. SULTAN (Simple Universal Logic-oriented Trust Analysis
      Notation) is an abstract, logic-oriented notation designed to facilitate the
      specification and analysis of trust relationships. SULTAN seeks to address all the
      above issues, although this paper focuses on our initial work on trust specification
      and analysis.

A Framework for Decentralised Privilege Management
Babak Sadighi
      Abstract: We present our research on mechanisms for decentralised privilege
      management for dynamic organisations. We present a semantic framework for
      privileges and certificates and an associated calculus, encoded as a logic program,
      for reasoning about them. The framework distinguishes between the time a
      certificate is issued or revoked and the time for which the associated privilege is
      created. This enables certificates to have prospective and retrospective effects,
      and allows us to reason about privileges and their consequences in the past,
      present, and future. The calculus provides a verification procedure for
      determining, given a set of declaration and revocation certificates, whether a
      certain privilege holds. We present the idea of constrained delegation for
      restricting future delegations and keeping some level of control for distribution of
      privileges. We also present Delegent Authorisation Server developed as a
      specialised deductive database based on this framework.

Using Simulation to Explore Trust Lifecycle Issues
Sotirios Terzis
U. Strathclyde
       Abstract: Simulation is a vital tool in research methods for investigating lifecycle
       issues in critical application areas, such as scenarios involving trust. Our trust
       model is premised on the belief that the ability to form and evolve explicit values
       for trust in other principals in an interaction allows autonomous computational
       entities to make better decisions in situations where only partial information is
       available. In our model we view the trust lifecycle as a three stage process: trust
       formation, trust evolution and trust exploitation. Our framework is based on
       model and will allow us to run a series of experiments, which simulate principals
       collaborating over time for a number of applications. For its design we
       investigated three trust-based application scenarios namely: agent-based file
       sharing, dynamic routing in ad hoc networks and agent-based meeting organiser.
       These applications capture a variety of trust relationships. In this paper, we start
       with a presentation of our initial motivation. We continue with an examination of
       the characteristics of our trust lifecycle model and an overview of our application
       scenarios. We examine in more detail the agent-based file sharing application
       scenario and conclude with a discussion of our experiences and remaining open

Issues in Public Key Infrastructures for e-Business – Theory and
Dimitris Raptis
      Abstract : The talk will address practical issues and problems related to the
      deployment of PKIs, usage of digital certificates, standardisation and
      interoperability concerns, and constraints of currently available technology.

Open Points and Relational Troubles of Trusted Third Parties
Enrique Crespo
      Abstract : In every e-community and e-service interaction becomes compulsory
      the witness of the transaction for the so-called “Third Trusted Party”. To this
      Entity we assume fair behavior and technological excellence while performing its
      duty whatever it was. In this entity we anchor the Security of the System, and if
      not so, we should fall in a never-ending loop. The problem is when this Entity has
      to interact with services that require End User presence beyond what this Entity
      can manage. In this point several trust point arise and no clear solution is given at
      this point. Adequate schemes and accurate technology are still loomed.

       From the application point of view several risks do arise while applying Security
       Mechanism in Mobile Communications. In this Position Paper we shall come
       along a brief resume of such risks and current Technological Frame in order to
       better understand how to face and manage actual situation.

Trust Services: A Multi-Disciplinary Research Program
Simon Shiu
HP Laboratories Bristol
      Abstract : Trust services are 3rd party services run by expert organizations that
      take responsibility for performing trust tasks with due diligence. Trust tasks
      include vetting potential trading partners, assuring identities, or credentials,
      storing documents, creating and preserving audit trails and so on, see [1],[2]. Thus
      trust services are wider in scope than Certificate Authorities (CAs) being
      concerned with many more trust processes.
       Research on trust services is a multi-disciplinary activity concerning technology,
       legal aspects, business effectiveness and reality, as well as a deep understanding
       of trust. The Trust Services research group at HP makes progress on the
       technology front by envisioning ideal trust services, and then trying to meet the
       technology challenges these pose.

       This paper gives an example of this methodology by examining the problems
       concerning digital evidence. Trust services such as CAs already help with non-
       repudiation, but a lot of complexity and due diligence surrounding private key
       usage is still required by the trading partners. An ideal situation is for a trusted
       third party to actually help control how the keys get used, and moreover manage
       the resulting non-repudiable digital data.

       Such a service introduces many technology challenges, especially concerning how
       the trading partners can trust the service provider. It is not possible to discuss all
       the issues raised but to illustrate the method a hint of the types of technology that
       might help is provided.

       Although the example is technology driven and some of the discussion is at quite a
       low level, it should be clear that the approach provides a context for teasing out,
       stretching and highlighting other research aspects. Thus the conclusion is that
       trust services research provides a rich way to think about e-business trust
       problems and multi-disciplinary collaboration is likely to be fruitful.

Components for trust-based architectures
Components of Trust-based Architectures
David Chadwick
U. Salford
       Abstract : This paper describes (some of) the components that are needed within
       an authentication and authorisation trust based infrastructure. It is not meant to be
       exhaustive, but rather is an initial list of the components that are currently seen to
       be needed. It is expected that this list of components will be added to (and
       possibly subtracted from) as research into this subject further develops.

Standardizing a Trust Framework
Graham Klyne
Nine by Nine
      Abstract : To be effective, a framework for establishing trust between parties
      must be based on agreed protocols to exchange information on which trust
      decisions may be based. This in turn calls for broadly accepted standards.
      Obtaining the consensus needed for a technical specification to become a standard
      is very much easier if existing relevant standards work is used to the maximum
      extent possible. This talk will survey and introduce some emerging Internet
      standards work, from W3C and IETF, that may be relevant to deliberations about
       trust based architectures and decision making systems; touching on: MIME,
       XML, RDF, HTTP, BEEP, SOAP, instant messaging protocols, XMLDSIG,
       XMLENC, X.509, XKMS, SAML, XACML, ...

Trust-based Security Policy Enforcement of Software Components
Peter Herrmann
U. Dortmund
       Abstract : Software component technology supports the cost-effective
       development of e-commerce applications but also introduces special security
       problems. In particular, a malicious component is a threat to any application
       incorporating it. Therefore wrappers are of interest which control the behaviour of
       components at run-time and enforce the application's security policies. The
       wrapper of a component monitors the component behaviour at its interfaces and
       checks its compliance with the security behaviour constraints of the component's
       employment contract. Wrappers, however, lead to a significant runtime overhead.
       To reduce the expense of evaluating components, we use trust management in
       order to consider the experience of other customers with a component. A trust
       information service collects evaluation reports from certification authorities as
       well as from users deploying a component. From these evaluations trust values
       are calculated which can be used to adjust the amount of monitoring the

       This talk mainly focuses on the architecture of the enforcement system consisting
       of the trust information service, the software wrappers, and a trust manager
       component which decides about the monitoring and enforcement strategies based
       on the current trust values.

Agent-based architectures
MARISM-A, Bringing Trust and Mobile Agents Together
Sergi Robles
U. Autonoma de Barcelona
       Abstract : In this talk we will introduce the CCD research group through its
       interests in the fields of trust and security. The main project of the group at
       present is MARISM-A, an Architecture for Mobile Agents with Recursive
       Itinerary and Secure Migration. This platform intends to be the intersection of the
       different areas under research at the moment: trust modelling, resource access
       control, itinerary protection mechanisms and distributed intrusion detection
       systems. The platform is being developed in Java and provides several novel
       features. We plan to use MARISM-A to develop some secure sea-of-data

When in Doubt, Neither Think or Compute, just Ask: Agent’s Inter-
Action on the Web
Stefano Cerri
LIRMM, U. Montpellier II
       Abstract : To be sent end August

B2B Trust Service Provider: Concept Demonstrator
Paul Kearney
      Abstract: This paper describes a demonstration that was created as part of the
      security theme within EURESCOM project P1106, entitled 'E-commerce Impacts
      on Service and Network Operations and Management'. Eurescom
      ( co-ordinates collaborative research projects for European
      telecommunication companies.

       The project goal is to investigate the impacts of e-commerce. Obviously
       automated trading has a great impact on security mechanisms. The differences
       between electronic and paper based systems mean there are new vulnerabilities
       for unfriendly entities to exploit. The nature of automation means that transactions
       will be processed more quickly and with less human interaction. There will be
       less time to spot attacks and less opportunity to react to them. Furthermore,
       gateways have to be connected to the public Internet giving anyone the potential
       to access them. A demonstrator has been built making use of off-the-shelf
       commercial software applications to help understand how B2B interfaces work in
       the telecommunications market and to test the applicability of the security

       The demonstration is of a secure interaction between telco supply chain trading
       partners using automated business to business (B2B) gateways. It shows the
       execution of security controls during a service negotiation between the trading
       partners. Integral to this scenario is a third party who occupies a trusted position
       between the partners. The common point of trust allows a party to establish a
       trading relationship with an otherwise unknown organisation.

Building Trust on the GRID: Trust Issues Underpinning Large
Dynamic Virtual Organisations
Theo Dimitrakos
      Abstract: GRID computing has emerged as a new approach to a high-
      performance distributed computing infrastructure within the last five years. The
      GRID concept has been generalised to cover a virtual organisation, defined as any
      dynamic collection of individuals and institutions which are required to share
      resources to achieve certain goals. In this talk we highlight some trust issues
      related to GRID computing and provide an overview of ongoing research towards
      building GRID-aware security and trust management solutions.
