Trust ManagementA Tutorial：信任管理教程.ppt

Top Technical and Funding PrioritiesFederal Cyber Security and Information Assurance RD Federal Plan for Cyber Security and Information Assurance Research and Development. A Report by the National Science and Technology Council’s Interagency Working Group on Cyber Security and Information Assurance, April 2006. Authentication, authorization, and trust management and Access control and privilege management are 2 of the 5 research areas identified as both a top technical priority and a top funding priority. /pubs/csia/FederalPlan_CSIA_RnD.pdf Outline Introduction and Motivation Traditional policy frameworks Policy frameworks for decentralized systems Trust management Design Issues and Features Trust Management Frameworks Sample Application Domains Research Directions Traditional Frameworks: Access Control Lists ACL: a list of pairs principal, allowed operations associated with a resource. Example: File permissions in most operating systems ACLs do not scale to large systems Redundancy: users working on the same project have many of the same permissions Administrative cost: updating the policy for a new user requires changing many ACLs Easy to make mistakes, giving too many or too few permissions Traditional Frameworks:Role-Based Access Control (RBAC) Role: an abstraction associated with a set of permissions, typically associated with a function or position in an organization. Examples: doctor, nurse, patient, receptionist RBAC policy specifies: the roles that each user may adopt the permissions associated with each role. Permission = [operation, resource] Operation may be resource-specific, not limited to read/write. RBAC A user has a permission if he is a member of some role with that permission. Benefits of RBAC Greatly reduces redundancy: there is a set of permissions for each role, not each user Easy to administer: A new user is added to a few roles. Roles reflect organizational structure and change less frequently. RBAC: Role Activation A user must activate