Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-745bb68f8f-l4dxg Total loading time: 0 Render date: 2025-02-06T05:10:01.370Z Has data issue: false hasContentIssue false

6 - Trust management in communication networks

from II - E-system and network security tools

Published online by Cambridge University Press:  11 September 2009

Mohammad Obaidat  and
Noureddine Boudriga
Mohammad Obaidat
Affiliation:
Monmouth University, New Jersey
Noureddine Boudriga
Affiliation:
Université du 7 Novembre à Carthage, Tunis
Get access

Summary

Trust management is a major component in the security of e-services. Issues in trust management include: (a) expressing security policies and security credentials; (b) ascertaining whether a given set of credentials conforms to the relevant policies; and (c) delegating trust to third parties under relevant conditions. Various trust management systems have been developed to support security of networked applications. Unfortunately, these systems address only limited issues of the trust management activity, and often provide their services in a way that is appropriate to only special applications. In this chapter, we present a comprehensive approach to trust management, consider the major techniques and functionalities of a trust management system, and describe three well-known trust management systems.

Introduction

Recent advances in Internet computing, paired with the increase in network resources and end-node processing capabilities, have led to the growing need of organizations and administrations to use large Intranets to connect their offices, branches, and information systems. They also pushed for the development of e-services for the need of their customers. All the emerging applications and e-services have different notions of the concept of resource. They share one thing in common: the need to grant or restrict access to their resources according to the security policy appropriate to that e-service.

Resources handled by e-services are of different types. While a clinical information system considers that a resource is a patient's record, a banking payment system considers accounts and money as the major resources to manage (Guemara-ElFatmi et al., 2004).

Type
Chapter
Information
Security of e-Systems and Computer Networks , pp. 119 - 142
Publisher: Cambridge University Press
Print publication year: 2007

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Anderson, R. (1994). Liability and Computer Security: nine principles. In Proceedings of the Third European Symposium on Research in Computer Security (ESORICS 94), Springer- Verlag, pp. 231–45.Google Scholar
Bellare, M., Garay, J., Hauser, R., Herzberg, A., Krawczyk, H., Steiner, M., Tsudik, G., Van, E. Herreweghen, and Waidner, M. (2000). Design, implementation and deployment of the iKP secure electronic payment system. IEEE Journal on Selected Areas in Communication. Vol. 18(4), 1–20.CrossRefGoogle Scholar
Blaze, M., Feigenbaum, J., and Lacy, J. (1996). Decentralized trust management. In Proceedings of the 17th Symp. on Security and Privacy, IEEE Computer Press, pp. 164–73.Google Scholar
BlazeFeigenbaum, M. J., Ioannidis, J., and Keromytis, A. D. (1999a). The Role of Trust Management in Distributed Systems Security. In Secure Internet Programming, 1603 LNCS, Springer-Verlag, pp. 185–210.Google Scholar
Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A. (1999b). The KeyNote Trust-Management System Version 2, RFC2704.Google Scholar
Boudriga, N. and , M. S. (2003). SPKI-based trust management systems in communication networks. Proc. 2003 Intern. Symp. On Perform. Evaluation of Comp. and Telecomm. Systems (SPECST'03), pp. 719–726, Montreal, Canada, July 20–24, 2003.Google Scholar
Chun, B. N. and Bavier, A. C. (2004). Decentralized trust management and accountability in federated systems, HICSS 2004, Jan. 5–8, 2004, Hawaii.CrossRefGoogle Scholar
Damianou, N., N. Dulay, E. Lupu, and M. Salomon (2001). The Ponder specification language, in Proc. Workshop on Policies for Distributed Systems and Networks (Policy 2001), HP Labs Bristol UK, 29–31 Jan 2001, Springer-Verlag LNCS 1995, pp. 18–39.
Ellison, C. (1999a). SPKI certification theory. IETF, RFC 2692.Google Scholar
Ellison, C., Franz, B., Lampson, B., Rivest, R. L., Thomas, B. M., and Ylonen, T. (1999b). SPKI requirements, IETF, RFC 2693.CrossRefGoogle Scholar
Grandison, T. and Sloman, M. (2000). A survey of trust in Internet applications. IEEE Communications Surveys and Tutorials, Vol. 3, No. 4, 2–16.CrossRefGoogle Scholar
Guemara-ElFatmi, S., Boudriga, N., and Obaidat, M. S. (2004). Relational-based calculus for trust management in networked services, Computer Communications Journal, 27, 1206–19.CrossRefGoogle Scholar
Ioannidis, S., Keromytis, A. D., Bellovin, S. M., and Smith, J. M. (2000). Implementing a distributed firewall. In Proceedings of the 7th ACM Conference on Computer and Communications Security, ACM, pp. 190–9.
Kagal, L., T., Finin, and Y., Peng (2001). A Delegation Based Model for Distributed Trust. Proceedings of the IJCAI-01 Workshop on Autonomy, Delegation, and Control: Interacting with Autonomous Agents, pp 73–80, Seattle, August 6, 2001.Google Scholar
Keromytis, A. D. and Smith, J. M. (2002). Requirements for Scalable Access Control and Security Management Architecture, Technical report CUCS-013–02.Google Scholar
Li, N., Grosof, B. N., and Feigenbaum, J. (2000). A practical implementable and tractable delegation logic, Proc. IEEE Symp. on Sec. and Priv., IEEE Comp. Press, pp. 27–42.Google Scholar
McKnight, D. H. and Chervany, N. L. (1996). The Meanings of Trust, Technical Report no:94–04, Carlson School of Management, University of Minnesota.Google Scholar
Mont, M. C. and Brown, R. (2002). Active Digital Credentials: Provision and Profile Information, HP-Laboratories, Technical Report HPL-2002–50.Google Scholar
Nikander, P. and Metso, L. (2000). Policy and Trust in Open Multi-Operator Networks. SMARTNET 2000: 419–436.Google Scholar

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×