Abstract
Extranets are tools that enable an organization to share part of its information system and infrastructure with other parties. Reaching this goal requires shielding from intruders while at the same time dynamically opening intranet resources. This article discusses how such an extranet should be designed. A solution that automates access control definition and enforcement is presented, which also addresses wide-scale user management using a capability-based model. A prototype using the SPKI infrastructure is described that offers strong authentication thanks to smart cards.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35612-9_23
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Roudier, Y., Fouache, O., Vannel, P., Molva, R. (2002). Enabling Adaptive and Secure Extranets. In: Jerman-Blažič, B., Klobučar, T. (eds) Advanced Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 100. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35612-9_10
DOI: https://doi.org/10.1007/978-0-387-35612-9_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4405-7
Online ISBN: 978-0-387-35612-9
eBook Packages: Springer Book Archive