TrustBuilder2 Download Page

Trust Management and Compliance Storage at UIUC

TrustBuilder2 Overview

TrustBuilder2 is a flexible framework for supporting research in the area trust negotiation, designed to allow researchers to quickly prototype and experiment with various approaches to the trust negotiation process. In TrustBuilder2, the primary components of a trust negotiation system are represented using abstract interfaces. These components include:

Strategy modules used to determine the next step to take in a negotiation based upon both the contents of an incoming message (which may contain some number of credentials, policies, and other data items) and the history of the negotiation thus far.
Policy compliance checkers used to determine whether a policy is satisfied by a given set of credentials and, if so, the ways in which this set of credentials satisfies the policy.
Query interfaces used to provide access to resources such as the local entity's credentials and policies, publicly available information repositories, or peer-to-peer query-processing networks.
Credential chain modules used to construct and validate chains of credentials used during the negotiation process.
Audit modules used to monitor the state of a negotiation, record status information, or visualize the negotiation process to enable a human user to easily interpret the process.

Any or all of these component interfaces can be implemented or extended by users of the TrustBuilder2 system, thereby making the system's functionality easily extensible. The TrustBuilder2 configuration files can then be modified to load these custom components in place of the default system components; this facilitates the use of new features without modifications to the underlying runtime system. In our implementation, we provide support for one trust negotiation strategy, a policy compliance checker based on Jess (the Java Expert System Shell), query interfaces enabling access to disk-based credential and policy repositories, a credential chain construction algorithm, two credential chain verification routines, and both graphical and text-based logging facilities. TrustBuilder2 also supports the interposition of user-defined plug-ins at communication points between system components to allow for easy monitoring of system activity or the modification of messages passed between components.

TrustBuilder2 is also agnostic with respect to the formats of credentials and policies used during the negotiation. Support for a new policy language can be added to the system by implementing a derived class of AbstractPolicyBrick, the abstract policy type supported by TrustBuilder2, and providing a compliance checker capable of determining whether a policy specified in this language is satisfied by a given collection of credentials (which are processed at an abstracted level). Similarly, support for new credential types can be added by implementing a derived class of AbstractCredentialBrick, the abstract credential type used by TrustBuilder2, and providing mechanisms for these types of credentials to be loaded by external repositories. The current version of TrustBuilder2 supports the use of an uncertified "credential" type that is useful for testing purposes; support for other credential formats can be added by writing or downloading plug-ins for TrustBuilder2.

The flexibility of TrustBuilder2 enables users not only to rapidly implement support for new features, but also provides a framework within which the trade-offs between various system configurations can be quantitatively analyzed. TrustBuilder2 allows users to keep the majority of system components constant and change only minor portions of the framework between trust negotiations; for example, a user could test the same negotiation using two different policy compliance checkers. This enables comparisons to be made between specific system components without requiring modification to the runtime system itself. The TrustBuilder2 framework provides an environment for researchers to begin considering the issues surrounding the deployment of trust negotiation protocols in production environments.

Download TrustBuilder2

TrustBuilder2 version 0.1 is now available for download as a tarball and a zip archive.

Download tb2-0.1.tar.gz
Download tb2-0.1.zip

Return to top

Documentation

User Manual
Project Javadoc [HTML] [PDF]

Return to top

People

All e-mail addresses are in the cs.uiuc.edu domain.

Principal Investigator: Professor Marianne Winslett (winslett)

Graduate Students:

Adam J. Lee (adamlee)

Collaborators:

Kenneth J. Perano, Ph.D., Sandia National Laboratories

Return to top

Software License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the Sandia Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Return to top