Policy-directed certificate retrieval

Gunter, Carl A.; Jim, Trevor

doi:10.1002/1097-024x(200012)30:15<1609::aid-spe334>3.0.co;2-5

Cited by 32 publications

(8 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Trust management [Blaze et al 1996[Blaze et al , 1999a[Blaze et al , 1999bRivest and Lampson 1996;Ellison et al 1999;Clarke et al 2001;Gunter and Jim 2000;Jim 2001;Li et al , 2002Li andMitchell 2003a, 2003b;Weeks 2001] is an approach to access control in decentralized distributed systems with access control decisions based on policy statements made by multiple principals. In trust management systems, statements that are maintained in a distributed manner are often digitally signed to ensure their authenticity and integrity; such statements are called credentials or certificates.…”

Section: Introductionmentioning

confidence: 99%

Beyond proof-of-compliance: security analysis in trust management

Mitchell

Winsborough

2005

J. ACM

138

146

View full text Add to dashboard Cite

Trust management is a form of distributed access control that allows one principal to delegate some access decisions to other principals. While the use of delegation greatly enhances flexibility and scalability, it may also reduce the control that a principal has over the resources it owns. Security analysis asks whether safety, availability, and other properties can be maintained while delegating to partially trusted principals. We show that in contrast to the undecidability of classical Harrison-RuzzoUllman safety properties, our primary security properties are decidable. In particular, most security properties we study are decidable in polynomial time. The computational complexity of containment analysis, the most complicated security property we study, varies according to the expressive power of the trust management language.A preliminary version of this article appeared in

show abstract

Section: Introductionmentioning

confidence: 99%

Beyond proof-of-compliance: security analysis in trust management

Mitchell

Winsborough

2005

J. ACM

138

146

View full text Add to dashboard Cite

show abstract

“…Also, QCM [17], SD3 [18], and Cassandra [19] provide ways to refer locations where credentials can be found. In the case of RT, issuers or subjects of credentials are assumed to store credentials according to the storage type of credentials.…”

Section: Related Workmentioning

confidence: 99%

Discovering credentials in the content centric network

Song

Son

et al. 2011

The International Conference on Information Networking 2011 (ICOIN2011)

View full text Add to dashboard Cite

Many trust management systems implicitly assume that the required credentials can be obtained without difficulty. In consequence, it is necessary to have a convenient way to discover desired credentials in the network for successful deployment of trust management systems. Obviously, in distributed environments, this assumption may not be easy to achieve due to failure of different components. In this paper, based on a content centric network architecture, we show that a simple naming convention can help to provide scalability, reliability and availability in retrieving desired credentials. Especially, our scheme utilizes the routing protocol provided by the content centric network, without constructing an overlay network as in Peer-to-Peer systems.

show abstract

“…Rather than merely answering "no" outright in case an authorization goal cannot be reached, the system might identify credentials that are missing and attempt to collect them. This functionality is sometimes called distributed certificate chain discovery or policy directed certificate retrieval [Gunter and Jim 2000b]. Whatever the specifics, it is clear that this functionality makes for a more flexible system in terms of certificate distribution and storage, but presents a significant challenge to system designers.…”

Section: :7mentioning

confidence: 99%

“…Of course, given the potentially enormous number of certificates on the network, it is necessary to define some means of selectively retrieving only certificates that might pertain to a particular authorization decision. This problem is sometimes called distributed certificate chain discovery or policy directed certificate retrieval [Gunter and Jim 2000b]. In both of these approaches the process of obtaining certificates is formally well founded and not left to ad hoc techniques.…”

Section: Threshold and Separation Of Duty Policiesmentioning

confidence: 99%

Authorization in trust management

2008

View full text Add to dashboard Cite

Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern state-of-the-art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.

show abstract

Policy-directed certificate retrieval

Cited by 32 publications

References 10 publications

Beyond proof-of-compliance: security analysis in trust management

Beyond proof-of-compliance: security analysis in trust management

Discovering credentials in the content centric network

Authorization in trust management

Contact Info

Product

Resources

About