Post on 20-Dec-2015
1
Using Certified Policies to Regulate E-Commerce Transactions
Victoria Ungureanu, Rutgers University
2
The Problem
Ensuring that actions of agents involved in e-commerce conform to a priori established contracts.
A contract example:
An airline company, say FlyAway, agrees to sell discounted tickets to a travel company, say TravelRUS, subject to the following provisions:
- The purchases are to be made between January 1 2005 and June 30 2005;
- The price of each ticket is discounted by 10%;
- Only agents duly certified as travel agents may buy tickets at discounted prices.
3
The Problem (cont.)
- An enterprise is bound by a potentially large number of disparate contracts:
  - Ex: Wal-Mart, Ford, Daimler-Chrysler, GM have in excess of 20,000 suppliers operating under different contracts;
- New contracts are continuously being established, and previously established contracts end.
  - A contract has a limited, predefined validity period.
4
The Problem (cont.)
- Contracts may be annulled for various reasons.
  - For example: the travel agency is bankrupt.
- Contracts may be revised.
  - For example: the travel agency establishes a new certifying authority which issues certificates for sales representatives;
- Contracts may be stateful. Examples of stateful contract provisions:
  - Only a limited number of tickets, say 100, may be purchased at the discounted price.
  - FlyAway accepts reservations. A PO for a reserved ticket is honored only if made within 24 hours from the reservation.
5
The Problem (cont.)
Need to support a large set of autonomous, evolving and stateful contracts.
Current access control mechanisms deal mostly with monolithic, relatively stable, stateless policies.
6
Traditional Approaches
- Have a dedicated server for each contract:
  - Problematic if the number of contracts is large.
- Combine all contracts in a super policy:
  - The super policy is difficult to construct if the number of contracts is large;
  - The super policy needs to change every time a new contract is established, or a contract ends;
  - The super policy needs to change when a contract is annulled or revised.
7
Overview
- Motivation
- Certificates
- Certified policies
- The enforcement mechanism
- Conclusion
8
A Necessary Parenthesis: Certificates
- Are used to prove certain attributes regarding the owner:
  - Ex: the owner is John Doe, and he is employed by TravelRUS, and he is a travel agent;
- Are signed by a certification authority;
- Are presented by the owner to gain certain rights;
- Are valid for a limited time period;
- May be revoked for various reasons.
9
Certificate-based Authorization
[Diagram. Labels: Alice, Eve, request, certificates, server, Policy, granted, denied.]
10
Contract Enforcement
Idea: a client presents the policy embedding contract terms together with other credentials.
[Diagram. Labels: request, certificates, Policy, server, granted, denied.]
11
Certified Policies (CPs)
Are obtained by:
- expressing contract terms in a formal, interpretable language;
- certifying the contract terms, by having them signed by an authority trusted by the parties involved in the contract.
Advantages:
- no need for composing a super policy, nor for establishing a dedicated server for each contract.
12
The Elements of a Certified Policy
- Id
- Validity period
- Revocation server
- Version number
- Repository
- Initial control state
- State server
- Rules formalizing contract terms regarding access and control regulations
13
Deployment of Certified Policies
- Traditional certificates are maintained by repositories;
- Similarly, an enterprise can:
  - Express the contracts it is involved in as certified policies;
  - Store certified policies on designated repositories, from where agents may retrieve them as needed.
14
Contract Annulment and Revision
- If a contract is annulled, the corresponding CP should be invalidated.
  - CP invalidation may be modeled by certificate revocation;
- If contract terms need to be revised, this can be achieved simply by:
  - revoking the obsolete version of the corresponding CP,
  - deploying the new version of the CP on a repository.
15
System Architecture
Assumes the following trusted entities:
- Repositories: provide persistent storage for CPs;
- Revocation servers: maintain and disseminate revocation information;
- Application servers:
  - Each server has an associated policy engine, called observer;
  - Observers verify certificates and interpret and carry out the rules of a CP;
  - A server is trusted to serve only requests sanctioned by its associated observer.
- State servers: maintain the current value of contract states.
16
Enforcement of Certified Policies
[Diagram. Labels: application server, observer, revocation server, repository, state server; incoming message: request, subject-certificate(s), CP.]
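An added example, not from the slides or the author's papers: a minimal observer that checks a certified policy for the FlyAway/TravelRUS contract before sanctioning a discounted purchase. The field names, the `Observer` API and the use of HMAC in place of the authority's public-key signature are assumptions chosen so the block runs with the Python standard library alone; `agent_roles` stands for attributes already taken from verified subject certificates.

```python
import hashlib
import hmac
import json
from datetime import date

AUTHORITY_KEY = b"constructed-demo-key"  # assumption: stand-in for the authority's signing key

def certify(terms: dict) -> dict:
    """Authority side: sign the canonical encoding of the contract terms."""
    body = json.dumps(terms, sort_keys=True).encode()
    return {"terms": terms, "sig": hmac.new(AUTHORITY_KEY, body, hashlib.sha256).hexdigest()}

class Observer:
    """Policy engine attached to an application server (hypothetical API)."""
    def __init__(self, revoked: set, state: dict):
        self.revoked = revoked  # (id, version) pairs learned from the revocation server
        self.state = state      # control state, as kept by the state server

    def decide(self, cp: dict, agent_roles: set, today: date):
        t = cp["terms"]
        body = json.dumps(t, sort_keys=True).encode()
        expected = hmac.new(AUTHORITY_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cp["sig"]):
            return (False, "bad signature")           # terms altered after certification
        if (t["id"], t["version"]) in self.revoked:
            return (False, "revoked")                 # annulled or superseded CP
        if not date.fromisoformat(t["not_before"]) <= today <= date.fromisoformat(t["not_after"]):
            return (False, "outside validity period")
        if t["required_role"] not in agent_roles:
            return (False, "agent not certified")
        sold = self.state.setdefault(t["id"], t["initial_state"])
        if sold >= t["max_tickets"]:
            return (False, "quota exhausted")         # stateful provision
        self.state[t["id"]] = sold + 1                # update state only on a grant
        return (True, f"discount {t['discount_pct']}%")

# Constructed CP for the FlyAway / TravelRUS contract described on the slides.
FLYAWAY_CP = certify({"id": "flyaway-travelrus", "version": 1,
                      "not_before": "2005-01-01", "not_after": "2005-06-30",
                      "required_role": "travel_agent", "discount_pct": 10,
                      "max_tickets": 100, "initial_state": 0})
```

Revising the contract in this model means adding `("flyaway-travelrus", 1)` to the revoked set and certifying the new terms with `version` set to 2.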
17
Cluster-based Application Servers
- Application servers often use cluster architectures in order to handle high-volume traffic effectively.
- Cluster-based servers consist of a dispatcher and several back-end servers.
[Diagram: a dispatcher in front of three back-end servers.]
18
Effective Assignment Policies for Cluster-based Servers
- The problem: short waiting periods for clients.
- A (first) solution: the TDA (Type Dependent Assignment) policy.
- In broad outline, under TDA:
  - A back-end server acts as state server for a set of CPs;
  - The dispatcher assigns:
    - a request governed by a stateful CP to the back-end server that maintains the state of the CP;
    - a request governed by a stateless CP to the least loaded back-end server.
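An added sketch of the TDA assignment rule outlined above, not code from the slides or the cited papers. The class and method names are hypothetical, and pinning a stateful CP with no recorded state server to the least loaded back-end on first use is an assumption, since the slides do not say how CPs are distributed among back-ends.

```python
class TDADispatcher:
    """Type Dependent Assignment over a fixed set of back-end servers."""

    def __init__(self, backends, state_home):
        self.load = {b: 0 for b in backends}  # open requests per back-end
        self.state_home = dict(state_home)    # stateful CP id -> back-end holding its state

    def _least_loaded(self):
        # Ties are broken by name so the result is deterministic.
        return min(self.load, key=lambda b: (self.load[b], b))

    def assign(self, cp_id, stateful):
        if stateful:
            # Assumption: a stateful CP seen for the first time is pinned to the
            # back-end that is least loaded at that moment.
            backend = self.state_home.setdefault(cp_id, self._least_loaded())
        else:
            backend = self._least_loaded()
        self.load[backend] += 1
        return backend

    def done(self, backend):
        """Called when a back-end finishes serving a request."""
        self.load[backend] -= 1


def replay(dispatcher, trace):
    """Assign each (cp_id, stateful) request of a trace; return the chosen back-ends."""
    return [dispatcher.assign(cp_id, stateful) for cp_id, stateful in trace]


# Constructed trace: cp-A and cp-B are stateful, the others stateless.
SAMPLE_TRACE = [("cp-A", True), ("cp-A", True), ("cp-X", False), ("cp-Y", False),
                ("cp-B", True), ("cp-B", True), ("cp-Z", False)]
```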
19
TDA’s Performance
- Gauged by running a simulation study driven by empirical data:
  - compares TDA with the Least-Connected policy;
  - the performance metric used by the study is waiting time.
- The simulation:
  - models 4 back-end servers and 100 contracts;
  - uses a trace containing ~170,000 requests arriving over 200 seconds;
  - considers that 80% of requests are governed by stateful contracts.
- TDA outperforms Least-Connected by a factor of 4!
20
Conclusion
- Policy management operations are easy to perform:
  - Deployment: simply store CPs on appropriate repositories;
  - Annulment: revoke the corresponding CP;
  - Update: revoke the previous version and deploy the new one.
- Easy to deploy:
  - Uses an infrastructure already in place;
  - Requires no modifications to the infrastructure, and only minimal modifications to application servers.
- Efficient enforcement.
21
The papers discussing some of these topics appeared in:
- IEEE Cluster, December 2003;
- ACM Transactions on Internet Technologies, February 2005.
These papers can be found at: research.rutgers.edu/~ungurean/
Thanks!