Trust Management

Feb 09, 1997


The use of public-key cryptography on a mass-market scale requires sophisticated mechanisms for managing trust. For example, any network service that receives a signed request for action is forced to answer the central question ``Is the key used to sign this request authorized to take this action?'' In certain services, this question reduces to ``Does this key belong to this person?'' In others, the authorization question is considerably more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties.

In this talk, I will flesh out the ``trust management problem'' and show how its relevance extends beyond cryptography into all network services that require deferral of trust. I will present in detail a particular trust management tool, called ``PolicyMaker'' (developed with AT&T colleagues Matt Blaze and Jack Lacy), and the general approach to the problem that is embodied in this tool. Finally, I will pose some general trust management research problems, both theoretical and experimental, now under investigation at AT&T and elsewhere.

About the Speaker

Joan Feigenbaum received a BA in Mathematics from Harvard and a PhD in Computer Science from Stanford. She is currently a Principal Member of Research Staff at AT&T Labs in Murray Hill, NJ. Her interests are in security and cryptology, computational complexity theory, and algorithmic techniques for massive data sets. Within the security area, she is now working on systems to manage trust relationships in large, heterogeneous electronic marketplaces. She is on the editorial board of the SIAM Journal on Computing and recently became the Editor-in-Chief of the Journal of Cryptology.

