Secure access control in distributed environment

Author

  • Peter Vilhan
Abstract

This paper presents a concept designed to improve public key infrastructure deployability in mobile ad hoc networks routed by B.A.T.M.A.N. Advanced. We have extended the B.A.T.M.A.N. Advanced routing protocol with authentication and authorization of routing updates based on X.509 certificates. Furthermore, we have determined several levels of node trustworthiness and two levels of interoperability between trusted authorities in the network. To mitigate the extra load caused by certificate renewal, we have identified the critical factors affecting it and designed a formula for computing the optimal number of cross certificates issued by a trusted authority. To further improve service reachability in highly mobile networks in the earlier stages of PKI deployment, we have designed the Cluster Glue. The Cluster Glue helps to connect groups of nodes in different parts of the network that own certificates issued by the same authority. Thanks to these modifications, we are able to mitigate various security risks and provide a more secure route for messages transmitted through the network. Preliminary results were verified by simulations.


Similar resources

Access Control in a Workstation-Based Distributed Computing Environment

This paper describes the mechanisms employed to control access to system services on the IFS project. We base our distributed computing environment on systems that we trust, and run those systems in physically secure rooms. From that base, we add services, modifying them to interoperate with existing access control mechanisms. Some weaknesses remain in our environment; we conclude with a descri...


Access control in ultra-large-scale systems using a data-centric middleware

  The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...


Authorization models for secure information sharing: a survey and research agenda

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...


Security Enforcement in the DOK Federated Database System

The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...


A Secure Mobile Agents Platform

Mobile Agents is a new paradigm for distributed computing where security is very essential to the acceptance of this paradigm in a large scale distributed environment. In this paper, we propose protection mechanisms for mobile agents. In these mechanisms, the authentication of mobile agents and the access control to the system resources are controlled by the mobile-agents platform. Each agent d...


The Ariel Distributed Programming Project: Secure Execution of Mobile Programs

1. Overview; 2. Results; 2.1 Enforcement of access control policy; 2.2 Safety; 2.3 Resource allocation; 2.4 Active Composition; 2.4.1 Dynamic Java Virtual Machine; 2.4.2 Dynamic Access Control; 2.5 Distributed Programming Environment; 3. Software systems produced; 4. Technology Transfer; 5. Publications




Publication date: 2014