Avoiding Delegation Subterfuge Using Linked Local Permission Names
نویسندگان
چکیده
Trust Management systems are typically explicit in their assumption that principals are uniquely identifiable. However, the literature has not been as prescriptive concerning the uniqueness of the permissions delegated by principals. Delegation subterfuge may arise when there is ambiguity concerning the uniqueness and interpretation of a permission. As a consequence, delegation chains that are used by principals to prove authorization may not actually reflect the original intention of all of the participants in the chain. This paper describes an extension to SPKI/SDSI that uses the notion of linked local permissions to eliminate ambiguity concerning the interpretation of a permission and thereby avoid subterfuge attacks.
منابع مشابه
A Logic for Analysing Subterfuge in Delegation Chains
Trust Management is an approach to construct and interpret the trust relationships among public-keys that are used to mediate security-critical actions. Cryptographic credentials are used to specify delegation of authorisation among public keys. Existing trust management schemes are operational in nature, defining security in terms of specific controls such as delegation chains, threshold schem...
متن کاملAuthorisation Subterfuge by Delegation in Decentralised Networks
Trust Management [1, 4, 10] is an approach to constructing and interpreting the trust relationships among public-keys that are used to mediate security-critical actions. Cryptographic credentials are used to specify delegation of authorisation among public keys. Existing trust management schemes are operational in nature, defining security in terms of specific controls such as delegation chains...
متن کاملPermission Re-Delegation: Attacks and Defenses
Modern browsers and smartphone operating systems treat applications as mutually untrusting, potentially malicious principals. Applications are (1) isolated except for explicit IPC or inter-application communication channels and (2) unprivileged by default, requiring user permission for additional privileges. Although inter-application communication supports useful collaboration, it also introdu...
متن کاملManaging Revocation in Role Based Access Control Models Using Delegation Licences
The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform the revocation and how to manage the revocation policy. We show how to deal with these two aspects in our delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several types of of delegatio...
متن کاملOn the Evolution of Adversary Models in Security Protocols (or Know Your Friend and Foe Alike)
Discussion p. 60 PIN (and Chip) or Signature: Beating the Cheating? p. 69 Discussion p. 76 Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable) p. 82 Discussion p. 89 Authorisation Subterfuge by Delegation in Decentralised Networks p. 97 Discussion p. 103 Multi-channel Protocols p. 112 Discussion p. 128 Combining Crypto with Biometrics: A New Human-Security Interface ...
متن کامل