16 research outputs found

    Attack Resistant Trust Metrics

    No full text
    This dissertation characterizes the space of trust metrics, under both the scalar assumption where each assertion is evaluated independently, and the group assumption where a group of assertions are evaluated in tandem. We present a quantitative framework for evaluating the attack resistance of trust metrics, and give examples of trust metrics that are within a small factor of optimum compared to theoretical upper bounds. We discuss experiences with a real-world deployment of a group trust metric, the Advogato website. Finally, we explore possible applications of attack resistant trust metrics, including using them to build a distributed name server, verifying metadata in peer-to-peer networks such as music sharing systems, and a proposal for highly spam resistant e-mail delivery.

    Attack-Resistant Trust Metrics for Public Key Certification

    No full text
    This paper investigates the role of trust metrics in attack-resistant public key certification. We present an analytical framework for understanding the effectiveness of trust metrics in resisting attacks, including a characterization of the space of possible attacks. Within this framework, we establish the theoretical best case for a trust metric. Finally, we present a practical trust metric based on network flow that meets this theoretical bound.

    Transparent Internet E-mail Security

    No full text
    This paper describes the design and prototype implementation of a comprehensive system for securing Internet e-mail transparently, so that the only user intervention required is the initial setup and specification of a trust policy. Our system uses the PolicyMaker trust management engine for evaluating the trustworthiness of keys, in particular whether the given binding between key and name is valid. In this approach, user policies and credentials are written as predicates in a safe programming language. These predicates can examine the graph of trust relationships among all the credentials presented. Thus, credentials can express higher-order policies that depend upon global properties of the trust graph or that impose specific conditions under which keys are considered trusted. "Standard" certificates, such as PGP and X.509, are automatically translated into simple PolicyMaker credentials that indicate that the certifier trusts a binding between a key and a name and address..

    Better Static Memory Management: Improving Region-Based Analysis of Higher-Order Languages

    No full text
    Static memory management replaces runtime garbage collection with compile-time annotations that make all memory allocation and deallocation explicit in a program. We improve upon the Tofte/Talpin region-based scheme for compile-time memory management [TT94]. In the Tofte/Talpin approach, all values, including closures, are stored in regions. Region lifetimes coincide with lexical scope, thus forming a runtime stack of regions and eliminating the need for garbage collection. We relax the requirement that region lifetimes be lexical. Rather, regions are allocated late and deallocated as early as possible by explicit memory operations. The placement of allocation and deallocation annotations is determined by solving a system of constraints that expresses all possible annotations. Experiments show that our approach reduces memory requirements significantly, in some cases asymptotically. 1 Introduction In a recent paper, Tofte and Talpin propose a novel method for memory management in type..

    Better Static Memory Management: Improving Region-Based Analysis of Higher-Order Languages (Extended Abstract)

    No full text
    Alexander Aiken, Manuel Fähndrich, Raph Levien. Computer Science Division, University of California, Berkeley. Abstract: Static memory management replaces runtime garbage collection with compile-time annotations that make all memory allocation and deallocation explicit in a program. We improve upon the Tofte/Talpin region-based scheme for compile-time memory management [TT94]. In the Tofte/Talpin approach, all values, including closures, are stored in regions. Region lifetimes coincide with lexical scope, thus forming a runtime stack of regions and eliminating the need for garbage collection. We relax the requirement that region lifetimes be lexical. Rather, regions are allocated late and deallocated as early as possible by explicit memory operations. The placement of allocation and deallocation annotations is determined by solving a system of constraints that expresses all possible annotations. Experiments show that our approach reduces memory requirements significantly, in som..

    A Class of C

    No full text