Using Certified Policies to Regulate E-Commerce Transactions
Victoria Ungureanu, Rutgers University
(Slide deck transcript; posted 20-Dec-2015)
Page 2
The Problem
Ensuring that the actions of agents involved in e-commerce conform to a priori established contracts. A contract example:
An airline company, say FlyAway, agrees to sell discounted tickets to a travel company, say TravelRUS, subject to the following provisions:
- The purchases are to be made between January 1, 2005 and June 30, 2005;
- The price of each ticket is discounted by 10%;
- Only agents duly certified as travel agents may buy tickets at discounted prices.
Page 3
The Problem (cont.)
An enterprise is bound by a potentially large number of disparate contracts. Example: Wal-Mart, Ford, DaimlerChrysler and GM each have in excess of 20,000 suppliers operating under different contracts.
- New contracts are continuously being established, and previously established contracts end.
- A contract has a limited, predefined validity period.
Page 4
The Problem (cont.)
- Contracts may be annulled for various reasons. For example: the travel agency goes bankrupt.
- Contracts may be revised. For example: the travel agency establishes a new certifying authority, which issues certificates for its sales representatives.
- Contracts may be stateful. Examples of stateful contract provisions:
  - Only a limited number of tickets, say 100, may be purchased at the discounted price.
  - FlyAway accepts reservations; a purchase order (PO) for a reserved ticket is honored only if it is made within 24 hours of the reservation.
Page 5
The Problem (cont.)
Need to support a large set of autonomous, evolving and stateful contracts.
Current access control mechanisms deal mostly with monolithic, relatively stable, stateless policies.
Page 6
Traditional Approaches
- Have a dedicated server for each contract: problematic if the number of contracts is large.
- Combine all contracts into a super policy:
  - The super policy is difficult to construct if the number of contracts is large;
  - The super policy needs to change every time a new contract is established or a contract ends;
  - The super policy needs to change when a contract is annulled or revised.
Page 7
Overview
- Motivation
- Certificates
- Certified policies
- The enforcement mechanism
- Conclusion
Page 8
A Necessary Parenthesis: Certificates
- Are used to prove certain attributes of the owner. Example: the owner is John Doe, he is employed by TravelRUS, and he is a travel agent;
- Are signed by a certification authority;
- Are presented by the owner to gain certain rights;
- Are valid for a limited time period;
- May be revoked for various reasons.
Page 9
Certificate-based Authorization
[Diagram: clients Alice and Eve each send a request together with their certificates to the server; the server evaluates request and certificates against its Policy and answers "granted" or "denied".]
Page 10
Contract Enforcement
Idea: a client presents the policy embedding the contract terms together with its other credentials.
[Diagram: each client sends request, certificates and the Policy to the server, which answers "granted" or "denied"; the policy is no longer held by the server but supplied with the request.]
Page 11
Certified Policies (CPs)
Are obtained by:
- expressing the contract terms in a formal, interpretable language;
- certifying the contract terms by having them signed by an authority trusted by the parties involved in the contract.
Advantages: no need to compose a super policy, nor to establish a dedicated server for each contract.
Page 12
The Elements of a Certified Policy
- Id
- Validity period
- Revocation server
- Version number
- Repository
- Initial control state
- State server
- Rules formalizing the contract terms regarding access and control regulations
Page 13
Deployment of Certified Policies
Traditional certificates are maintained by repositories. Similarly, an enterprise can:
- express the contracts it is involved in as certified policies;
- store the certified policies on designated repositories, from where agents may retrieve them as needed.
Page 14
Contract Annulment and Revision
- If a contract is annulled, the corresponding CP should be invalidated; CP invalidation may be modeled by certificate revocation.
- If the contract terms need to be revised, this is achieved simply by revoking the obsolete version of the corresponding CP and deploying the new version of the CP on a repository.
Page 15
System Architecture
Assumes the following trusted entities:
- Repositories: provide persistent storage for CPs.
- Revocation servers: maintain and disseminate revocation information.
- Application servers:
  - Each server has an associated policy engine, called an observer;
  - Observers verify certificates and interpret and carry out the rules of a CP;
  - A server is trusted to serve only requests sanctioned by its associated observer.
- State servers: maintain the current value of contract states.
Page 16
Enforcement of Certified Policies
[Diagram: the client sends (request, subject certificate(s), CP) to the application server; the server's observer consults the repository, the revocation server and the state server before deciding.]
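The following is an added example, not code from the slides or from the author's system, showing how an observer (slide 15) can put together the CP elements of slide 12, the revocation-based revision of slide 14 and the stateful quota of slide 4 for the FlyAway/TravelRUS contract. HMAC over a canonical JSON encoding stands in for the digital signatures of the contract authority and the certification authorities; the field names, server names, rule encoding, demo keys and sample purchase are this example's assumptions.

```python
import hashlib
import hmac
import json
from datetime import date

# Demo keys (constructed). HMAC stands in for the digital signatures of the
# contract authority and the certification authorities (CAs); with public-key
# signatures only sign()/verify() would change.
AUTHORITY_KEY = b"contract-authority-demo-key"
CA_KEYS = {"travelrus-ca": b"travelrus-ca-demo-key",
           "travelrus-ca-2": b"travelrus-ca-2-demo-key"}


def canonical(body: dict) -> bytes:
    """Canonical encoding, so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, body: dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def verify(key: bytes, body: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, body), sig)


def certified_policy(body: dict) -> dict:
    """A CP is the policy body plus the trusted authority's signature over it."""
    return {"body": body, "signature": sign(AUTHORITY_KEY, body)}


def subject_certificate(ca_id: str, subject: str, role: str, valid_to: str) -> dict:
    body = {"subject": subject, "role": role, "issuer": ca_id, "valid_to": valid_to}
    return {"body": body, "signature": sign(CA_KEYS[ca_id], body)}


# The FlyAway/TravelRUS contract (slides 2 and 4) as a CP with the elements of
# slide 12. Field names, server names and the rule encoding are assumptions.
FLYAWAY_V1 = certified_policy({
    "id": "flyaway-travelrus", "version": 1,
    "valid_from": "2005-01-01", "valid_to": "2005-06-30",
    "revocation_server": "revoke.flyaway.example",
    "repository": "cp-repo.flyaway.example",
    "state_server": "state.flyaway.example",
    "initial_state": {"tickets_sold": 0},
    "rules": {"issuer": "travelrus-ca", "role": "travel_agent",
              "discount": 0.10, "max_tickets": 100},
})


def revise(old_cp: dict, revoked: set, **rule_changes) -> dict:
    """Contract revision (slide 14): revoke the obsolete version, deploy a new one."""
    old = old_cp["body"]
    revoked.add((old["id"], old["version"]))
    new_body = json.loads(json.dumps(old))          # deep copy of the old body
    new_body["version"] = old["version"] + 1
    new_body["rules"].update(rule_changes)
    return certified_policy(new_body)


class Observer:
    """Policy engine of an application server (slide 15): verifies the CP and the
    subject certificate, checks revocation, then interprets the CP's rules
    against the request and the contract state held by the state server."""

    def __init__(self, revoked: set, state_server: dict):
        self.revoked = revoked      # (cp id, version) pairs published by the revocation server
        self.state = state_server   # cp id -> current control state

    def decide(self, request: dict, cert: dict, cp: dict, today: str):
        body, now = cp["body"], date.fromisoformat(today)
        if not verify(AUTHORITY_KEY, body, cp["signature"]):
            return False, "CP signature invalid", None
        if not date.fromisoformat(body["valid_from"]) <= now <= date.fromisoformat(body["valid_to"]):
            return False, "CP outside validity period", None
        if (body["id"], body["version"]) in self.revoked:
            return False, "CP revoked", None
        rules, cb = body["rules"], cert["body"]
        # The CP names the CA it trusts; certificates from any other issuer are rejected.
        ca_key = CA_KEYS.get(cb["issuer"])
        if cb["issuer"] != rules["issuer"] or ca_key is None or not verify(ca_key, cb, cert["signature"]):
            return False, "subject certificate not accepted under this CP", None
        if date.fromisoformat(cb["valid_to"]) < now or cb["role"] != rules["role"]:
            return False, "subject certificate expired or wrong role", None
        # Stateful provision: the discount quota is tracked per contract, across versions.
        state = self.state.setdefault(body["id"], dict(body["initial_state"]))
        if state["tickets_sold"] + request["tickets"] > rules["max_tickets"]:
            return False, "discount quota exhausted", None
        state["tickets_sold"] += request["tickets"]
        price = round(request["tickets"] * request["list_price"] * (1 - rules["discount"]), 2)
        return True, "granted", price


if __name__ == "__main__":
    obs = Observer(revoked=set(), state_server={})
    alice = subject_certificate("travelrus-ca", "Alice", "travel_agent", "2005-12-31")
    print(obs.decide({"tickets": 3, "list_price": 200.0}, alice, FLYAWAY_V1, "2005-03-01"))
```

The order of checks matters: the CP's signature is verified before any of its fields are trusted, and revocation is consulted on the (id, version) pair so that a revised contract invalidates exactly the obsolete version. Contract state is keyed by contract id rather than version, so a revision does not reset the quota already consumed.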
Page 17
Cluster-based Application Servers
Application servers often use cluster architectures in order to handle high-volume traffic effectively.
Cluster-based servers consist of a dispatcher and several back-end servers.
[Diagram: a dispatcher in front of three back-end servers.]
Page 18
Effective Assignment Policies for Cluster-based Servers
The goal: short waiting times for clients. A (first) solution: the TDA (Type Dependent Assignment) policy.
In broad outline, under TDA:
- A back-end server acts as state server for a set of CPs;
- The dispatcher assigns:
  - a request governed by a stateful CP to the back-end server that maintains the state of that CP;
  - a request governed by a stateless CP to the least loaded back-end server.
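To make the reason behind TDA concrete, here is an added example (not the paper's simulator or its data) that runs the two assignment policies of this slide over a constructed trace in a simple FIFO queueing model. The trace, the service times, the cost of a remote state lookup, the round-robin placement of state servers and the tie-breaking rule are all assumptions; the block shows why keeping a stateful request on the back-end that holds its CP state avoids remote state accesses, not the factor reported on the next slide.

```python
# Type Dependent Assignment (TDA) versus Least-Connected (LC) in a FIFO model of a
# cluster-based server. All numbers are assumptions for illustration.
LOCAL_SERVICE = 1.0    # service time when the CP state is on this back-end (assumed)
REMOTE_SERVICE = 3.0   # same, plus a round trip to a state server elsewhere (assumed)


def make_trace(n_requests: int, n_contracts: int = 100, stateful_share: float = 0.8,
               gap: float = 0.5) -> list:
    """Constructed trace of (arrival time, CP id, stateful?) tuples: requests
    arrive every `gap` time units and cycle through the contracts, of which the
    first stateful_share (80%, as on slide 19) are stateful."""
    n_stateful = int(n_contracts * stateful_share)
    return [(i * gap, f"cp{i % n_contracts}", (i % n_contracts) < n_stateful)
            for i in range(n_requests)]


def simulate(policy: str, trace: list, n_backends: int = 4):
    """Dispatch every request under `policy` ("TDA" or "LC") and return
    (mean waiting time, number of remote state accesses)."""
    queues = [[] for _ in range(n_backends)]   # finish times of requests still on each back-end
    owner = {}                                 # stateful CP id -> back-end holding its state
    total_wait, remote = 0.0, 0
    for t, cp, stateful in trace:
        for q in queues:                       # drop requests already completed by time t
            q[:] = [f for f in q if f > t]
        if stateful and cp not in owner:
            owner[cp] = len(owner) % n_backends   # state servers spread round-robin (assumed)
        if policy == "TDA" and stateful:
            b = owner[cp]                         # stateful CP: go where the state is
        elif policy in ("TDA", "LC"):
            b = min(range(n_backends), key=lambda i: len(queues[i]))   # least connected
        else:
            raise ValueError(f"unknown policy {policy!r}")
        service = LOCAL_SERVICE
        if stateful and b != owner[cp]:           # state lives elsewhere: remote lookup
            service, remote = REMOTE_SERVICE, remote + 1
        start = max(t, queues[b][-1]) if queues[b] else t   # FIFO behind earlier requests
        queues[b].append(start + service)
        total_wait += start - t
    return total_wait / len(trace), remote


if __name__ == "__main__":
    trace = make_trace(2000)
    for policy in ("TDA", "LC"):
        wait, remote = simulate(policy, trace)
        print(f"{policy}: mean wait {wait:.3f}, remote state accesses {remote}")
```

Under TDA every stateful request lands on the back-end that owns its state, so the remote-access count is zero; under Least-Connected the dispatcher ignores where the state lives, and the extra round trips inflate service time and therefore queueing delay.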
Page 19
TDA's Performance
Gauged by running a simulation study driven by empirical data:
- compares TDA with the Least-Connected policy;
- the performance metric used by the study is waiting time.
The simulation models:
- 4 back-end servers;
- 100 contracts;
- a trace containing ~170,000 requests arriving over 200 seconds;
- 80% of requests governed by stateful contracts.
Result: TDA outperforms Least-Connected by a factor of 4 on this metric.
Page 20
Conclusion
Policy management operations are easy to perform:
- Deployment: simply store CPs on the appropriate repositories;
- Annulment: revoke the corresponding CP;
- Update: revoke the previous version and deploy the new one.
Easy to deploy:
- Uses an infrastructure already in place;
- Requires no modifications to the infrastructure, and only minimal modifications to application servers.
Efficient enforcement.
Page 21
The papers discussing some of these topics appeared in IEEE Cluster, December 2003, and ACM Transactions on Internet Technology, February 2005. These papers can be found at:
research.rutgers.edu/~ungurean/
Thanks!