Trust Extension Device: Providing Mobility and Portability of Trust in Cooperative Information Systems
One method for establishing a trust relationship between a server and its clients in a co-operative information system is to use a digital certificate. The use of digital certificates bound to a particular machine works well under the assumption that the
- PDF / 748,314 Bytes
- 19 Pages / 430 x 660 pts Page_size
- 108 Downloads / 160 Views
Abstract. One method for establishing a trust relationship between a server and its clients in a co-operative information system is to use a digital certificate. The use of digital certificates bound to a particular machine works well under the assumption that the underlying computing and networking infrastructure is managed by a single enterprise. Furthermore, managed infrastructures are assumed to have a controlled operational environment, including execution of a standard set of applications and operating system. These assumptions are also valid for recent proposals on establishing trust using hardware-supported systems based on a Trusted Computing Module (TPM) cryptographic microcontroller. However, these assumptions do not hold in today’s cooperative information systems. Clients are mobile and work using network connections that go beyond the administrative boundaries of the enterprise. In this paper, we propose a novel technology, called Trust Extension Device (TED), which enables mobility and portability of trust in cooperative information systems that works in a heterogeneous environment. The paper provides an overview of the technology by describing its design, a conceptual implementation and its use in an application scenario.
1 Introduction Traditional cooperative information systems enable interactions between clients and servers within a controlled computing and networking infrastructure belonging to a single enterprise. However, it is now possible to develop such systems that go beyond a single enterprise’s administrative domain due to the availability of new architectural approaches and software technologies (Web Services and Service Oriented Architecture), networking (Internet) and mobile computing devices (e.g. laptops, PDAs). As a result, we have seen a growing number of cooperative information systems developed to run in heterogeneous, open and hostile environments. Though such systems provide greater flexibility, they present a new set of challenges on three critical issues of information systems: trust, security and privacy. Though these issues are equally important, and related to each other, our focus in this paper is primarily on trust-enhanced security. In emerging internet-scale cooperative information systems, agents (or clients) on behalf of their enterprises may connect to the enterprise system to access information using a range of devices from personal digital assistant (PDA) to desktop computers R. Meersman and Z. Tari et al. (Eds.): OTM 2007, Part I, LNCS 4803, pp. 253–271, 2007. © Springer-Verlag Berlin Heidelberg 2007
254
S. Nepal et al.
operating under a variety of platform configurations via the Internet. It is important to ensure that the agents are genuine before the enterprise releases information held at its controlled, managed environments. Without having a proper method in place for establishing trust, some attackers may spoof “real” agents and perform certain actions, that fool enterprise systems into believing that genuine agents/clients have performed these actions
Data Loading...
