Compliance checking in the PolicyMaker trust management system

  • Matt Blaze
  • Joan Feigenbaum
  • Martin Strauss
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1465)


Emerging electronic commerce services that use public-key cryptography on a mass-market scale require sophisticated mechanisms for managing trust. For example, any service that receives a signed request for action is forced to answer the central question “Is the key used to sign this request authorized to take this action?” In some services, this question reduces to “Does this key belong to this person?” In others, the authorization question is more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Blaze, Feigenbaum, and Lacy [1] identified this trust management problem as a distinct and important component of network services and described a general tool for addressing it, the PolicyMaker trust management system.

At the heart of a trust management system is an algorithm for compliance checking. The inputs to the compliance checker are a request, a policy, and a set of credentials. The compliance checker returns yes or no, depending on whether the credentials constitute a proof that the request complies with the policy. Thus a central challenge in trust management is to find an appropriate notion of “proof” and an efficient algorithm for checking proofs of compliance.

In this paper, we present the notion of proof that is used in the current version of the PolicyMaker trust management system. We show that this notion of proof leads to a compliance-checking problem that is undecidable in its most general form and is NP-hard even if restricted in several natural ways. We identify a special case of the problem that is solvable in polynomial time and is widely applicable. The algorithm that we give for this special case has been implemented and is used in the current version of the PolicyMaker system.


Transition Rule Trust Relationship Trust Management Action String Compliance Checker 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Blaze, J. Feigenbaum, and J. Lacy, Decentralized Trust Management, in Proceedings of the Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, 1996, pp. 164–173.Google Scholar
  2. 2.
    M. Blaze, J. Feigenbaum, P. Resnick, and M. Strauss, Managing Trust in an Information-Labeling System, European Transactions on Telecommunications, 8 (1997), pp. 491–501. (Special issue of selected papers from the 1996 Amalfi Conference on Secure Communication in Networks.)CrossRefGoogle Scholar
  3. 3.
    Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss, REFEREE: Trust Management for Web Applications, World Wide Web Journal, 2 (1997), pp. 127–139. (Reprinted from Proceedings of the 6th International World Wide Web Conference, World Wide Web Consortium, Cambridge, 1997, pp. 227–238.)Google Scholar
  4. 4.
    D. Denning, Cryptography and Data Security, Addison-Wesley, Reading, 1982.zbMATHGoogle Scholar
  5. 5.
    S. Even, A. Selman, and Y. Yacobi, The Complexity of Promise Problems with Applications to Public-Key Cryptography, Information and Control, 61 (1984), pp. 159–174.zbMATHMathSciNetCrossRefGoogle Scholar
  6. 6.
    M. Garey and D. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, Freeman, San Fancisco, 1979.zbMATHGoogle Scholar
  7. 7.
    M. A. Harrison, W. L. Ruzzo, and J. D. Ullman, Protection in Operating Systems, Communications of the ACM, 19 (1976), pp. 461–471.zbMATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    A. K. Jones, R. J. Lipton, and L. Snyder, A Linear Time Algorithm for Deciding Security, in Proceedings of the Symposium on Foundations of Computer Science, IEEE Computer Society Press, Los Alamitos, 1976, pp. 33–41.Google Scholar
  9. 9.
    J. Lacy, D. P. Maher, and J. H. Snyder, Music on the Internet and the Intellectual Property Protection Problem, in Proceedings of the International Symposium on Industrial Electronics, IEEE Press, New York, 1997, pp. SS77–SS83.Google Scholar
  10. 10.
    R. Levien, L. McCarthy, and M. Blaze, Transparent Internet E-mail Security, Scholar
  11. 11.
    E. Tardos, The Gap Between Monotone and Non-monotone Circuit Complexity is Exponential, Combinatorica, 8 (1988), pp. 141–142.zbMATHMathSciNetCrossRefGoogle Scholar
  12. 12.
    T. Y. C. Woo and S. S. Lam, Authorization in Distributed Systems: A New Approach, Journal of Computer Security, 2 (1993), pp. 107–36.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Matt Blaze
    • 1
  • Joan Feigenbaum
    • 1
  • Martin Strauss
    • 1
  1. 1.AT&T Labs - ResearchFlorham ParkUSA

Personalised recommendations