Abstract
The term ‘principal’ has roots both in computer security and in communications security. We will show that in those two areas principals serve quite different purposes. We also note that the term principal is overloaded in computer security and propose a separation into three different aspects: origin of message, access control rule, and accountable entity. Furthermore, we will defend the merits of extensional security specifications and show that it is not fruitful to expect that security mechanisms can only have one ‘correct’ interpretation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Martín Abadi. On SDSI’s linked local name spaces. Journal of Computer Security, 6:3–21, 1998.
Andrew D. Birrell, Butler W. Lampson, Roger M. Needham, and Michael D. Schroeder. A global authentication service without global trust. In Proceedings of the 1986 IEEE Symposium on Research in Security and Privacy, pages 223–230, 1986.
Michael Burrows, Martín Abadi, and Roger Needham. Authentication: A practical study in belief and action. In M. Y. Vardi, editor, Theoretical Aspects of Reasoning About Knowledge, pages 325–342, 1988.
Michael Burrows, Martín Abadi, and Roger Needham. A logic of authentication. DEC Systems Research Center, Report 39, revised February 22 1990.
Joan Feigenbaum. Overview of the AT&T Labs trust-management project. In Security Protocols, LNCS 1550, pages 45–50. Springer Verlag, 1998.
M. Gasser. The role of naming in secure distributed systems. In Proceedings of the CS’90 Symposium on Computer Security, pages 97–109, Rome, Italy, November 1990.
M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed system security architecture. In Proceedings of the 1989 National Computer Security Conference, 1989.
Dieter Gollmann. On the verification of cryptographic protocols-a tale of two committees. In S. Schneider, editor, ENTCS Proceedings of the DERA/RHBNC workshops on Secure Architectures and Information Flow, 1999. Elsevier, 2000. http://www.elsevier.nl/locate/entcs/volume32.html.
Dieter Gollmann. Whither authentication. In M. Roe, editor, Proceedings of the 1999 Cambridge Security Protocols Workshop. Springer Verlag, to appear.
Li Gong. Inside Java 2 Platform Security. Addison-Wesley, Reading, MA, 1999.
J. Y. Halpern and R. van der Meyden. A logic for SDSI linked local name spaces. In Proceedings of the 12th IEEE Computer Security Foundations Workshop, pages 111–122, 1999.
Himanshu Khurana and Virgil D. Gligor. Review and revocation of access privileges distributed with PKI certificates. In this proceedings.
J. T. Kohl. The evolution of the kerberos authentication service. In Spring 1991 EurOpen Conference, Tromsø, Norway, 1991.
Butler Lampson, Martín Abadi, Michael Burrows, and Edward Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265–310, November 1992.
S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer. Section E.2.1: Kerberos authentication and authorization system. Technical report, MIT Project Athena, Cambridge, MA, 1987.
Ron Rivest and Butler Lampson. SDSI-a simple distributed security infrastructure. Technical report, 1996. http://theory.lcs.mit.edu/~cis/sdsi.html.
A. W. Roscoe. Intensional specifications of security protocols. In Proceedings of the 9th IEEE Computer Security Foundations Workshop, pages 28–38, 1996.
J. J. Tardo and K. Alagappan. SPX-global authentication using public-key certificates. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pages 232–244, 1991.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gollmann, D. (2001). Mergers and Principals. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2000. Lecture Notes in Computer Science, vol 2133. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44810-1_2
Download citation
DOI: https://doi.org/10.1007/3-540-44810-1_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42566-3
Online ISBN: 978-3-540-44810-5
eBook Packages: Springer Book Archive