Skip to main content
SpringerLink
Log in

Experience with the KeyNote Trust Management System: Applications and Future Directions

  • Conference paper
  • First Online:
Trust Management (iTrust 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2692))

Included in the following conference series:

Abstract

Access control in distributed systems has been an area of intense research in recent years. One promising approach has been that of trust management, whereby authentication and authorization decisions are combined in a unified framework for evaluating security policies and credentials. In this paper, we report on our experience of the past seven years using the PolicyMaker and the KeyNote trust management systems in a variety of projects. We start with a brief overview of trust management in general, and KeyNote in particular; we describe several applications of trust management; we then discuss various features we found missing from our initial version of KeyNote, which would have been useful in the various applications it was used. We conclude the paper with our plans for future research.

This work was partly supported by DARPA and the NSF under contracts F39502-99-1-0512-MOD P0001 and CCR-TC-0208972 respectively.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the 17th Symposium on Security and Privacy. (1996) 164–173

    Google Scholar 

  2. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The Role of Trust Management in Distributed Systems Security. In: Secure Internet Programming. Volume 1603 of Lecture Notes in Computer Science. Springer-Verlag Inc., NewYork, NY, USA (1999) 185–210

    Chapter  Google Scholar 

  3. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote Trust Management System Version 2. Internet RFC 2704 (1999)

    Google Scholar 

  4. Blaze, M., Feigenbaum, J., Strauss, M.: Compliance Checking in the PolicyMaker Trust-Management System. In: Proceedings of the Financial Cryptography’ 98, Lecture Notes in Computer Science, vol. 1465. (1998) 254–274

    Chapter  Google Scholar 

  5. Blaze, M., Feigenbaum, J., Resnick, P., Strauss, M.: Managing Trust in an Information Labeling System. In: European Transactions on Telecommunications, 8. (1997) 491–501

    Article  Google Scholar 

  6. Lacy, J., Snyder, J., Maher, D.: Music on the Internet and the Intellectual Property Protection Problem. In: Proceedings of the International Symposium on Industrial Electronics, IEEE Press (1997) SS77–83

    Google Scholar 

  7. Levien, R., McCarthy, L., Blaze, M.: Transparent Internet E-mail Security. http://www.cs.-umass.edu/~lmccarth/crypto/papers/email.ps (1996)

  8. Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (1998)

    Google Scholar 

  9. Blaze, M., Ioannidis, J., Keromytis, A.: Trust Management for IPsec. In: Proceedings of Network and Distributed System Security Symposium (NDSS). (2001) 139–151

    Google Scholar 

  10. Blaze, M., Ioannidis, J., Keromytis, A.: Trust Management for IPsec. ACM Transactions on Information and System Security (TISSEC) 32 (2002) 1–24

    Google Scholar 

  11. Hallqvist, N., Keromytis, A.D.: Implementing Internet Key Exchange (IKE). In: Proceedings of the Annual USENIX Technical Conference, Freenix Track. (2000) 201–214

    Google Scholar 

  12. de Raadt, T., Hallqvist, N., Grabowski, A., Keromytis, A.D., Provos, N.: Cryptography in OpenBSD:An Overview. In: Proceedings of the 1999 USENIX Annual Technical Conference, Freenix Track. (1999) 93–101

    Google Scholar 

  13. Bellovin, S.M.: Distributed Firewalls. login: magazine, issue on security (1999) 37–39

    Google Scholar 

  14. Ioannidis, S., Keromytis, A., Bellovin, S., Smith, J.: Implementing a Distributed Firewall. In: Proceedings of Computer and Communications Security (CCS). (2000) 190–199

    Google Scholar 

  15. Keromytis, A.D., Misra, V., Rubenstein, D.: SOS: Secure Overlay Services. In: Proceedings of ACM SIGCOMM. (2002) 61–72

    Google Scholar 

  16. Keromytis, A., Ioannidis, S., Greenwald, M., Smith, J.: The STRONGMANArchitecture. In: Proceedings of DISCEX III. (2003)

    Google Scholar 

  17. Keromytis, A.D.: STRONGMAN: A Scalable Solution To Trust Management In Networks. PhD thesis, University of Pennsylvania, Philadelphia (2001)

    Google Scholar 

  18. Blaze, M., Ioannidis, J., Keromytis, A.D.: Offline Micropayments without Trusted Hardware. In: Proceedings of the 5h International Conference on Financial Cr yptography. (2001) 21–40

    Google Scholar 

  19. Ioannidis, J., Ioannidis, S., Keromytis, A., Prevelakis, V.: Fileteller: Paying and Getting Paid for File Storage. In: Proceedings of the 6th International Conference on Financial Cryptography. (2002)

    Google Scholar 

  20. Miltchev, S., Prevelakis, V., Ioannidis, S., Ioannidis, J., Keromytis, A.D., Smith, J.M.: Secure and Flexible Global File Sharing. In: Proceedings of the USENIX Technical Annual Conference, Freenix Track. (2003)

    Google Scholar 

  21. Alexander, D.S., Arbaugh, W.A., Hicks, M., Kakkar, P., Keromytis, A.D., Moore, J.T., Gunter, C.A., Nettles, S.M., Smith, J.M.: The Switch Ware Active Network Architecture. IEEE Network, special issue on Active and Programmable Networks 12 (1998) 29–36

    Google Scholar 

  22. Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M.: A Secure Active Network Environment Architecture: Realization in SwitchWare. IEEE Network, special issue on Active and Programmable Networks 12 (1998) 37–45

    Google Scholar 

  23. Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Muir, S., Smith, J.M.: Secure Quality of Service Handling (SQoSH). IEEE Communications 38 (2000) 106–112

    Article  Google Scholar 

  24. Alexander, D., Menage, P., Keromytis, A., Arbaugh, W., Anagnostakis, K., Smith, J.: The Price of Safety in an Active Network. Journal of Communications (JCN), special issue on programmable switches and routers 3 (2001) 4–18

    Google Scholar 

  25. Anagnostakis, K.G., Ioannidis, S., Miltchev, S., Smith, J.M.: Practical network applications on a lightweight active management environment. In: Proceedings of the 3rd International Working Conference on Active Networks (IWAN). (2001)

    Google Scholar 

  26. Anagnostakis, K.G., Ioannidis, S., Miltchev, S., Ioannidis, J., Greenwald, M.B., Smith, J.M.: Efficient packet monitoring for network management. In: Proceedings of IFIP/IEEE Network Operations and Management Symposium (NOMS) 2002. (2002)

    Google Scholar 

  27. Anagnostakis, K.G., Greenwald, M.B., Ioannidis, S., Miltchev, S.: Open Packet Monitoring on FLAME: Safety, Performance and Applications. In: Proceedings of the 4rd International Working Conference on Active Networks (IWAN). (2002)

    Google Scholar 

  28. Anagnostakis, K.G., Hicks, M.W., Ioannidis, S., Keromytis, A.D., Smith, J.M.: Scalable Resource Control in Active Networks. In: Proceedings of the Second International Working Conference on Active Networks (IWAN). (2000) 343–357

    Google Scholar 

  29. Foley, S., Quillinan, T., Morrison, J., Power, D., Kennedy, J.: Exploiting KeyNote in WebCom: Architecture Neutral Glue for Trust Management. In: Fifth Nordic Workshop on Secure IT Systems. (2001)

    Google Scholar 

  30. Foley, S., Quillinan, T., Morrison, J.: Secure Component Distribution Using WebCom. In: Proceedings of the 17th International Conference on Information Security (IFIP/SEC). (2002)

    Google Scholar 

  31. Morrison, J., Power, D., Kennedy, J.: WebCom: A Web Based Distributed Computation Platform. In: Proceedings of Distributed computing on the Web. (1999)

    Google Scholar 

  32. Foley, S., Quillinan, T.: Using Trust Management to Support MicroPayments. In: Proceedings of the Annual Conference on Information Technology and Telecommunications. (2002)

    Google Scholar 

  33. Foley, S.: Using Trust Management to Support Transferable Hash-Based Micropayments. In: Proceedings of the International Financial Cryptography Conference. (2003)

    Google Scholar 

  34. Foley, S.: Supporting Imprecise Delegation in KeyNote. In: Proceedings of 10th International Security Protocols Workshop. (2002)

    Google Scholar 

  35. Whitehead, E.: World Wide Web Distributed Authoring and Versioning (WebDAV): An Introduction. ACM Standard View 5 (1997) 3–8

    Article  Google Scholar 

  36. McCanne, S., Jacobson, V.: A BSD Packet Filter: A New Architecture for User-level Packet Capture. In: Proceedings of USENIX Winter Technical Conference, Usenix (1993) 259–269

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. AT&T Labs — Research, USA

    Matt Blaze & John Ioannidis

  2. CS Department, Columbia University, Columbia

    Angelos D. Keromytis

Authors
  1. Matt Blaze
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Ioannidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Angelos D. Keromytis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer and Information Sciences Livingstone Tower, University of Strathclyde, 26 Richmond Street, Glasgow, G1 1XH, UK

    Paddy Nixon  & Sotirios Terzis  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Blaze, M., Ioannidis, J., Keromytis, A.D. (2003). Experience with the KeyNote Trust Management System: Applications and Future Directions. In: Nixon, P., Terzis, S. (eds) Trust Management. iTrust 2003. Lecture Notes in Computer Science, vol 2692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44875-6_21

Download citation

  • DOI: https://doi.org/10.1007/3-540-44875-6_21

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40224-4

  • Online ISBN: 978-3-540-44875-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation