Scalable Trust of Next Generation Management (STRONGMAN)

Goals | Activities | People | Papers | Links


Goals

Mechanisms such as IPsec allow cryptographically secured communication among nodes and network elements on the IP Internet. Furthermore, the role of firewalls as access control and policy enforcement points in such an infrastructure becomes even more profound. Building a secure next generation information infrastructure demands automated management of keys and policy, for reasons of both risk management (in the small) and automatic configuration of boundary controllers (as the information infrastructure is scaled to an environment with many millions of nodes).

By automated management, we mean the translation of a high-level security policy into actions which support that policy at every relevant level of the information infrastructure. Thus, security policy must be reflected in decisions about trust of sources of information, for example in the acceptance of a remote invocation. Our belief is that the investigation of scalable automated trust management will lead to a huge leap forward in the ability of an organization to deploy an auditable error-free realization of network infrastructure meeting security policy goals.

The basis of our approach is the KeyNote trust management system being investigated at the University of Pennsylvania and AT&T Labs -- Research. KeyNote is a compact simplified representation of trust relationships based on the ideas of the AT&T PolicyMaker system; trust relationships are specified in terms of a symbolic language which when executed results in exchanges of cryptographic credentials which map the trust relationships into allowed and disallowed actions. In the proposed effort, KeyNote will be integrated with IPsec and a firewall package to allow automatic configuration of groups of IP routers under control of a specified security policy. The novelty of this approach is that a high-level security policy can be expressed in a ``meta-KeyNote'' which generates KeyNote expressions (perhaps millions on a large information infrastructure) which are in turn mapped to specific secure exchanges to control actions at, among other locations, boundary controllers.

Activities

People

Papers

Useful Links