Browsing by Subject "distributed trust"
Now showing 1 - 4 of 4

A Delegation Based Model for Distributed Trust
(2001-08-01) Kagal, Lalana; Finin, Timothy; Peng, Yun
In this paper we outline an infrastructure that facilitates security and trust management in a multi-agent system. Our model eases the problem of authorization in a network of heterogeneous agents and also contains mechanisms for delegation of authorization information. The framework allows agents to exchange trust information using a series of Interaction Protocols based on FIPA (Foundation for Intelligent Physical Agents) Interaction Protocols (FIPA 1998). It decentralizes security decisions, enabling more than one agent to be responsible for the validation of requests or for the delegation of permissions. It is very flexible and encourages mobility because the process of requesting services and granting access is divided into two independent steps. This allows an agent to disconnect after the first step and reconnect elsewhere to continue the process of securing the service. The model also uses a policy based approach, to specify rules for authorization and delegation, and a distributed knowledge base, that contains information about the interacting agents. We describe an implemented system that incorporates our framework using X.509 certificates and a Prolog knowledge base.

A Framework for Distributed Trust Management
(2001) Kagal, Lalana; Cost, Scott; Finin, Timothy; Peng, Yun
This paper discusses our infrastructure for handling distributed security and trust. It outlines a method for access control across domains that handles complex inter domain trust relationships. We have developed a flexible representation of trust information in Prolog, that can model permissions and delegations. We are currently working on modeling obligations, entitlements, and prohibitions as well. This paper describes a scheme for restricting re-delegation without using a specific delegation depth. Using examples, this paper explains the internal working of our system and the trust information that flows within it.

A Secure Infrastructure for Service Discovery and Access in Pervasive Computing
(2001-08-12) Cedilnik, Andrej; Kagal, Lalana; Perich, Filip; Undercoffer, Jeffrey; Joshi, Anupam
Security is paramount to the success of pervasive computing environments. The system presented in this paper provides a communications and security infrastructure that goes far in advancing the goal of anywhere - anytime computing. Our work securely enables clients to access and utilize services in heterogeneous networks. We provide a service registration and discovery mechanism implemented through a hierarchy of service management. The system is built upon a simplified Public Key Infrastructure that provides for authentication, non-repudiation, anti-playback, and access control. Smartcards are used as secure containers for digital certificates. The system is implemented in Java and we use Extensible Markup Language as the sole medium for communications and data exchange. Currently, we are solely dependent on a base set of access rights for our distributed trust model; however, we are expanding the model to include the delegation of rights based upon a predefined policy. In our proposed expansion, instead of exclusively relying on predefined access rights, we have developed a flexible representation of trust information, in Prolog, that can model permissions, obligations, entitlements, and prohibitions. In this paper, we present the implementation of our system and describe the modifications to the design that are required to further enhance distributed trust. Our implementation is applicable to any distributed service infrastructure, whether the infrastructure is wired, mobile, or ad-hoc.

Vigil: Providing Trust for Enhanced Security in Pervasive Systems
(2002-08-12) Kagal, Lalana; Undercoffer, Jeffrey; Perich, Filip; Joshi, Anupam; Finin, Tim; Yesha, Yelena
Computing today is moving away from the desktop, becoming diffused into our surroundings and onto our personal digital devices. Moreover, ad-hoc networks such as Bluetooth provide for spontaneous connectivity between computationally enabled devices within proximity to each other. In such pervasive computing environments, users expect to access resources and services at any time from anywhere. This expectation results in serious security issues, since devices are constantly interacting with others outside of their "home" environments. We describe the security challenges in pervasive computing, explaining why traditional security mechanisms fail to meet the demands of these environments. We use an agent-oriented paradigm to model the interactions between computationally enabled entities in such dynamic environments, and present an infrastructure that combines existing authentication features like Simple Public Key Infrastructure (SPKI) with notions of policy driven interaction and distributed trust, in order to provide a highly flexible approach for enforcing security policies in pervasive computing environments. We present an implementation of the system on a variety of handheld/laptop devices using Bluetooth/802.11, and include an ontology to describe principals, credentials and policies.