Reasoning about joint administration of access policies for coalition resources
Abstract
We argue that joint administration of access policies for a dynamic coalition formed by autonomous domains requires that these domains set up a coalition authority that distributes attribute certificates authorizing access to policy objects (e.g., ACLs). Control over the issuance of such certificates is retained by member domains separately holding shares of the joint coalition authority's private key with which they sign the attribute certificates. Hence, any (proper) subset of the member domains need not be trusted to protect the private key. However, application servers that implement joint administration of access policies based on attribute certificates must trust all the signers of those certificates, namely all member domains of the coalition. To capture these trust relations we extend existing access control logics and show that the extensions are sound. To reason about joint administration of access policies, we illustrate an authorization protocol in our logic for accessing policy objects using threshold attribute certificates.
Keywords
#Public key #Web server #Access control #Logic #Access protocols #Resource management #Diseases #Protection #File servers #Authorization
