STRONGMAN: A scalable solution to trust management in networks

Angelos Dennis Keromytis, University of Pennsylvania


The design principle of restricting local autonomy only where necessary for global robustness has led to a scalable Internet. Unfortunately, this scalability and capacity for distributed control has not been achieved in the mechanisms for specifying and enforcing access-control policies. With the increasing size and complexity of networks, management of security is becoming a more serious problem. In particular, as the complexity of a network increases (measured in terms of number of users, protocols, applications, network elements, topological constraints, and functionality expectations), both the management and the enforcement mechanisms fail to provide the necessary flexibility, manageability, and performance. This dissertation addresses the problem of scalable, high-performance distributed access control in very large, multi-application networks. The proposed architecture, named STRONGMAN, demonstrates three new approaches to providing efficient local policy enforcement complying with global security policies. First is the use of local compliance checkers at the enforcement points to provide great local autonomy within the constraints of a global security policy. Second is the ability to compose policy rules into a coherent and enforceable set. These policies may potentially span network layer and application boundaries. Third is the “lazy binding” of policies to reduce resource consumption; this on-demand binding scales because there is significant spatial and temporal locality of reference that can be exploited in access control decisions. To demonstrate the value and feasibility of STRONGMAN, I designed and implemented an access control management system based on the KeyNote trust-management system. The experiments contacted using the resulting system show that the underlying network's performance (in terms of throughput and latency) is largely unaffected, and in some cases improved, by utilizing the concepts of distributed access control and “lazy binding”. As a result, STRONGMAN is the first fully automated access control management system that can scale, both in terms of management and in terms of performance, to arbitrarily large networks. The two-layer approach to management allows for a detachment of the high levels of the system, which mainly impact its manageability, from the lower levels, which affect performance and scalability.

Subject Area

Computer science

Recommended Citation

Keromytis, Angelos Dennis, "STRONGMAN: A scalable solution to trust management in networks" (2001). Dissertations available from ProQuest. AAI3031681.