Trust Management for the World Wide Web

Yüklə 0,79 Mb.

səhifə	1/13
tarix	26.09.2018
ölçüsü	0,79 Mb.
	#70469

1 2 3 4 5 6 7 8 9 ... 13

Trust Management for the World Wide Web

Yang-hua Chu

Submitted to the Department of Electrical Engineering and Computer Science

in Partial Fulfillment of the Requirements for the Degree of

Master of Engineering in Electrical Engineering and Computer Science

at the Massachusetts Institute of Technology

June 13, 1997
Copyright 1997 Yang-hua Chu. All rights reserved.

The author hereby grants to M.I.T. permission to reproduce and

distribute publicly paper and electronic copies of this thesis

and to grant others the rights to do so.

Author________________________________________________________________________________

Department of Electrical Engineering and Computer Science

Certified by____________________________________________________________________________

Dr. Joan Feigenbaum

Technology Consultant, AT&T Labs—Research
Certified by____________________________________________________________________________

Dr. James S. Miller

Thesis Supervisor, Lecturer
Accepted by ___________________________________________________________________________

Professor Arthur C. Smith

Chairman, Department Committee on Graduate Thesis
Trust Management for the World Wide Web

Yang-hua Chu

Submitted to the Department of Electrical Engineering and Computer Science
June 13, 1997
in Partial Fulfillment of the Requirements for the Degree of

Master of Engineering in Electrical Engineering and Computer Science

at the Massachusetts Institute of Technology

ABSTRACT

Digital signatures alone are not sufficient for code signing and other Web applications: Signatures can solve the problems of message integrity and authentication, but they do not adequately address more general notions of security and trust. These applications require not only cryptographic tools for determining authenticity and message integrity but also a robust notion of "security policy" and a way to decide whether a request for action complies with a policy. For example, in a code-signing application, a user's security policy must state the properties that the code is required to have in order to be considered "safe" in the user's environment. Similarly, the entity signing the code must state precisely what properties he claims the code has.

My thesis will identify what trust management is in the context of the World Wide Web and propose a general architecture to close the gap between trust and cryptography. I will describe two specific languages for describing trust policies and a general mechanism for evaluating whether a request for action complies with policy.

Thesis Supervisor	Title	Affiliation
Dr. Joan Feigenbaum	Technology Consultant	AT&T Labs—Research
Dr. James S. Miller	Technology and Society Domain Leader	The World Wide Web Consortium, MIT Laboratory for Computer Science

ACKNOWLEDGEMENTS

First I thank my thesis supervisors, Dr. Joan Feigenbaum and Dr. Jim Miller. They were always ready to give me guidance and support when I encountered problems during my research and thesis writing. They also provided me invaluable opportunities to attend conferences and give presentations.

I was grateful to work with several talented researchers at AT&T Labs—Research, including Brian LaMacchia, Paul Resnick, and Martin Strauss. We co-developed REFEREE, which ultimately became the focus of my research and thesis work. Their enthusiasm and devotion to doing research made them inspiring role models.

Many thanks to the team members at the World Wide Web Consortium, where I spent the past year writing my thesis. Special thanks to the T&S team members Eui-suk Chung, Philip DesAutels, Rohit Khare, and Joseph Reagle. Their presence and encouragement make my daily work on the third floor of LCS fun and worthwhile. Special thanks to Philip, whom I spent a great deal of time with in the Digital Signature Initiative project, and Joseph, who lent me the thesis template.

Finally I have to thank my personal support team: my mom and dad, my brothers Yung-hua, Ching-hua, and Hao-hua, and my girlfriend Wendy. Although land and sea separated us most of the time, we were always connected deep in our hearts. Every bit of caring and encouragement was my most precious source of energy. There are no words that can express my gratitude to them.

Trust Management for the World Wide Web 1

Trust Management for the World Wide Web 3

ABSTRACT 3

ACKNOWLEDGEMENTS 5

Table of Contents 7

List of Figures and Tables 8

1 Introduction 9

2 Trust Management 11

3 Execution Environment 28

4 Policy Language 35

5 REFEREE Reference Implementation 49

6 Conclusion 58

Appendices 59

References 62

List of Figures and Tables

Figure 1 Trust Management Infrastructure 14

Figure 2 Dependency Graph of Trust Management Infrastructure Components 14

Figure 3 PICS in the Trust Management Infrastructure 15

Figure 4 X.509 in the Trust Management Infrastructure 17

Figure 5 PolicyMaker in the Trust Management Infrastructure 18

Figure 6 Authenticode in the Trust Management Infrastructure 20

Figure 7 Authenticode User Permission Interface 21

Figure 8 Configuring a List of Trusted Entities in Authenticode 22

Figure 9 Cool Game Download 23

Figure 10 A Snapshot of the Boston Globe Web Document 25

Figure 11 Flow chart for signing and verifying a digital signature 26

Figure 12 REFEREE External API 29

Figure 13 Sample block diagram of REFEREE internal structure. 30

Figure 14 Required interface for every REFEREE module 31

Figure 15 Sample REFEREE Implementation 34

Figure 16 Jigsaw Proxy Architecture 50

Figure 17 Sample REFEREE Implementation 54

Table 1 A Sample Module Database 33

Table 2 Truth table for the and operator 41

Table 3 Truth Table for the or operator 41

Table 4 Truth Table for the not operator 42

Table 5 Truth Table for the true-if-unknown operator 42

Table 6 Truth Table for the false-if-unknown operator 42

Yüklə 0,79 Mb.

Dostları ilə paylaş:

1 2 3 4 5 6 7 8 9 ... 13