Compliance checking in the PolicyMaker trust management system
Emerging electronic commerce services that use public-key cryptography on a mass-market scale require sophisticated mechanisms for managing trust. For example, any service that receives a signed request for action is forced to answer the central question “Is the key used to sign this request authorized to take this action?” In some services, this question reduces to “Does this key belong to this person?” In others, the authorization question is more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Blaze, Feigenbaum, and Lacy  identified this trust management problem as a distinct and important component of network services and described a general tool for addressing it, the PolicyMaker trust management system.
At the heart of a trust management system is an algorithm for compliance checking. The inputs to the compliance checker are a request, a policy, and a set of credentials. The compliance checker returns yes or no, depending on whether the credentials constitute a proof that the request complies with the policy. Thus a central challenge in trust management is to find an appropriate notion of “proof” and an efficient algorithm for checking proofs of compliance.
In this paper, we present the notion of proof that is used in the current version of the PolicyMaker trust management system. We show that this notion of proof leads to a compliance-checking problem that is undecidable in its most general form and is NP-hard even if restricted in several natural ways. We identify a special case of the problem that is solvable in polynomial time and is widely applicable. The algorithm that we give for this special case has been implemented and is used in the current version of the PolicyMaker system.
KeywordsTransition Rule Trust Relationship Trust Management Action String Compliance Checker
Unable to display preview. Download preview PDF.
- 1.M. Blaze, J. Feigenbaum, and J. Lacy, Decentralized Trust Management, in Proceedings of the Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, 1996, pp. 164–173.Google Scholar
- 3.Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss, REFEREE: Trust Management for Web Applications, World Wide Web Journal, 2 (1997), pp. 127–139. (Reprinted from Proceedings of the 6th International World Wide Web Conference, World Wide Web Consortium, Cambridge, 1997, pp. 227–238.)Google Scholar
- 8.A. K. Jones, R. J. Lipton, and L. Snyder, A Linear Time Algorithm for Deciding Security, in Proceedings of the Symposium on Foundations of Computer Science, IEEE Computer Society Press, Los Alamitos, 1976, pp. 33–41.Google Scholar
- 9.J. Lacy, D. P. Maher, and J. H. Snyder, Music on the Internet and the Intellectual Property Protection Problem, in Proceedings of the International Symposium on Industrial Electronics, IEEE Press, New York, 1997, pp. SS77–SS83.Google Scholar
- 10.R. Levien, L. McCarthy, and M. Blaze, Transparent Internet E-mail Security, http://www.cs.umass.edu/~lmccarth/crypto/papers/email.psGoogle Scholar
- 12.T. Y. C. Woo and S. S. Lam, Authorization in Distributed Systems: A New Approach, Journal of Computer Security, 2 (1993), pp. 107–36.Google Scholar