Abstract
This paper addresses the issues of authorization and trust in a federated distributed environment. We describe some of the design principles involved in the development of an authorization service for practical large-scale distributed systems. We present the design of a web services authorization architecture and discuss its implementation within the .NET framework. We then discuss the notion of trusted computing and present our approach and architecture for enhancing the distributed authorization service using trusted platform technologies.
Keywords
- Policy Language
- Trusted Platform Module
- Access Control Model
- Access Control Mechanism
- Authorization Policy
These keywords were added by machine and not by the authors.
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Varadharajan, V. (2005). Authorization and Trust Enhanced Security for Distributed Applications. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2005. Lecture Notes in Computer Science, vol 3803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593980_1
DOI: https://doi.org/10.1007/11593980_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30706-8
Online ISBN: 978-3-540-32422-5
eBook Packages: Computer Science (R0)