A Revocation, Validation and Authentication Protocol for SPKI Based Delegation Systems

Authors

  • Yki Kortesniemi
  • Tero Hasu
  • Jonna Särs
Abstract

In distributed systems, the access control mechanism is often modeled after stand-alone solutions, such as ACLs. Such an arrangement, however, is not ideal as the system may be mirrored around the world and maintaining the ACLs becomes a problem. A new approach to this problem is using authorisation certificates to control access to resources. This diminishes management overhead, but introduces problems with revocation. A related problem is enforcing quotas in distributed systems. Traditionally, authorisation certificates just limit the usage interval, but not the volume. In this paper, we discuss these problems in SPKI based delegation systems and propose some refinements to the SPKI specification. In particular, we address the problem of limiting the usage of resources to which a certificate grants access. Finally, we develop a protocol for solving these problems using online revocation and validation.


Similar resources

A Security Scheme for Mobile Agent Platforms in Large-Scale Systems

Mobile agents have recently started being deployed in large-scale distributed systems. However, this new technology brings some security concerns of its own. In this work, we propose a security scheme for protecting mobile agent platforms in large-scale systems. This scheme comprises a mutual authentication protocol for the platforms involved, a mobile agent authenticator, and a method for gener...


Security Mechanisms for Mobile Agent Platforms Based on SPKI/SDSI Chains of Trust

This work defines a security scheme, based on SPKI/SDSI chains of trust, for protecting mobile agent platforms in large-scale distributed systems. The scheme is composed of a protocol of mutual authentication, a mobile agent authenticator and a mechanism for the generation of protection domain. Due to the flexibility of the SPKI/SDSI certificate delegation infrastructures used, the proposed sch...


Reducing the Dependence of Trust-Management Systems on PKI

Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm to determine when a specific request can be granted. For authorization in distributed systems, trust-management systems offer several advantages over other approaches, such as support for delegation a...


Reducing the Dependence of SPKI/SDSI on PKI

Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a p...


DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation

Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...



Publication date: 2000