An Internet Authorization Scheme Using Smart-Card-Based Security Kernels

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2140)

Abstract

This paper presents an authorization scheme for applications distributed on the Internet with two levels of access control: a global level, implemented through a fault- and intrusion-tolerant authorization server, and a local level implemented as a security kernel located on both the local host Java Virtual Machine (JVM) and on a Java Card connected to this host.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Deswarte, Y., Abghour, N., Nicomette, V., Powell, D. (2001). An Internet Authorization Scheme Using Smart-Card-Based Security Kernels. In: Attali, I., Jensen, T. (eds) Smart Card Programming and Security. E-smart 2001. Lecture Notes in Computer Science, vol 2140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45418-7_7

  • DOI: https://doi.org/10.1007/3-540-45418-7_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42610-3

  • Online ISBN: 978-3-540-45418-2

  • eBook Packages: Springer Book Archive
