CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Trust Management

Joan Feigenbaum - AT&T Laboratories

Feb 09, 1997


The use of public-key cryptography on a mass-market scale requires sophisticated mechanisms for managing trust. For example, any network service that receives a signed request for action is forced to answer the central question ``Is the key used to sign this request authorized to take this action?'' In certain services, this question reduces to ``Does this key belong to this person?'' In others, the authorization question is considerably more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties.

In this talk, I will flesh out the ``trust management problem'' and show how its relevance extends beyond cryptography into all network services that require deferral of trust. I will present in detail a particular trust management tool, called ``PolicyMaker'' (developed with AT&T colleagues Matt Blaze and Jack Lacy), and the general approach to the problem that is embodied in this tool. Finally, I will pose some general trust management research problems, both theoretical and experimental, now under investigation AT&T and elsewhere.

About the Speaker

Joan Feigenbaum received a BA in Mathematics from Harvard and a PhD in Computer Science from Stanford. She is currently a Principal Member of Research Staff at AT&T Labs in Murray Hill, NJ. Her interests are in security and cryptology, computational complexity theory, and algorithmic techniques for massive data sets. Within the security area, she is now working on systems to manage trust relationships in large, heterogeneous electronic marketplaces. She is on the editorial board of the SIAM Journal on Computing and recently became the Editor-in-Chief of the Journal of Cryptology.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.