Trust infrastructure for policy based messaging in open environments

摘要

Policy-based messaging (PBM) aims at carrying security policies with messages, which will be enforced at recipient systems to provide security features. PBM promotes a distributed mechanism for secure messaging. The openness of computing environments challenges the PBM model due to the varying trust relations between the different systems and their different behaviour. This paper present a design of a trust infrastructure which is developed based on a public key infrastructure. The trust infrastructure publishes policy enforcement information about the messaging systems, and engenders trust through consistent and mandatory policy enforcement by the systems. It incorporates policy-based management mechanisms to provide flexible and customised messaging services. Secure messaging is achieved by defining security related policies and confining messaging systems' behaviour to defined security constraints. The process of PBM is also described, including publishing certificates, sending messages, accessing messages, and enforcing policies.