Computer Laboratory

Technical reports

Trust management for widely distributed systems

Walt Yao

November 2004, 191 pages

This technical report is based on a dissertation submitted February 2003 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Jesus College.


In recent years, we have witnessed the evolutionary development of a new breed of distributed systems. Systems of this type share a number of characteristics – highly decentralized, of Internet-grade scalability, and autonomous within their administrative domains. Most importantly, they are expected to operate collaboratively across both known and unknown domains. Prime examples include peer-to-peer applications and open web services. Typically, authorization in distributed systems is identity-based, e.g. access control lists. However, approaches based on predefined identities are unsuitable for the new breed of distributed systems because of the need to deal with unknown users, i.e. strangers, and the need to manage a potentially large number of users and/or resources. Furthermore, effective administration and management of authorization in such systems requires: (1) natural mapping of organizational policies into security policies; (2) managing collaboration of independently administered domains/organizations; (3) decentralization of security policies and policy enforcement.

This thesis describes Fidelis, a trust management framework designed to address the authorization needs for the next-generation distributed systems. A trust management system is a term coined to refer to a unified framework for the specification of security policies, the representation of credentials, and the evaluation and enforcement of policy compliances. Based on the concept of trust conveyance and a generic abstraction for trusted information as trust statements, Fidelis provides a generic platform for building secure, trust-aware distributed applications. At the heart of the Fidelis framework is a language for the specification of security policies, the Fidelis Policy Language (FPL), and the inference model for evaluating policies expressed in FPL. With the policy language and its inference model, Fidelis is able to model recommendation-style policies and policies with arbitrarily complex chains of trust propagation.

Web services have rapidly been gaining significance both in industry and research as a ubiquitous, next-generation middleware platform. The second half of the thesis describes the design and implementation of the Fidelis framework for the standard web service platform. The goal of this work is twofold: first, to demonstrate the practical feasibility of Fidelis, and second, to investigate the use of a policy-driven trust management framework for Internet-scale open systems. An important requirement in such systems is trust negotiation that allows unfamiliar principals to establish mutual trust and interact with confidence. Addressing this requirement, a trust negotiation framework built on top of Fidelis is developed.

This thesis examines the application of Fidelis in three distinctive domains: implementing generic role-based access control, trust management in the World Wide Web, and an electronic marketplace comprising unfamiliar and untrusted but collaborative organizations.

Full text

PDF (1.5 MB)

BibTeX record

  author =	 {Yao, Walt},
  title = 	 {{Trust management for widely distributed systems}},
  year = 	 2004,
  month = 	 nov,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-608}