A Lightweight Security Model for WBEM

  • Giuseppe Cattaneo
  • Luigi Catuogno
  • Umberto Ferraro Petrillo
  • Ivan Visconti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2889)

Abstract

Web-Based Enterprise Management (WBEM) is an emerging standard solution for remote management of heterogeneous devices. It allows a group of hardware and software devices to be operated and administered remotely while preserving some security features. The aim of this paper is two-fold: 1) we raise concerns regarding security weaknesses in the architecture of WBEM; 2) we propose a lightweight security model for WBEM based on the concept of Attribute Authority and show its effectiveness in preserving both the security and the performance of the system. Moreover, we address the concept of accountability and present guidelines for an implementation of our model.



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Giuseppe Cattaneo (1)
  • Luigi Catuogno (1)
  • Umberto Ferraro Petrillo (1)
  • Ivan Visconti (1)

  1. Dipartimento di Informatica ed Applicazioni, Università di Salerno, Baronissi, Italy
