Abstract
Distributed authorization provides the ability to control access to resources spread over the Internet. Typical authorization systems consider a range of security information like user identities, role identities or even temporal, spatial and contextual information associated with the access requestor. However, the ability to include computing platform related information has been quite limited due to constraints in identification and validation of platforms when distributed. Trusted computing is an exciting technology that can provide new ways to bridge this gap. In this paper, we provide the first steps necessary to achieving distributed authorization using trusted computing platforms. We introduce the notion of a Property Manifest that can be used in the specification of authorization policies. We provide an overview of our authorization architecture, its components and functions. We then illustrate the applicability of our system by implementing it in a Web service oriented architecture.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Security and Privacy, pp. 164–173 TY - CONF. (1996)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The KeyNote Trust-Management System Version 2 (RFC 2704). Internet Engineering Task Force (September 1999)
DeTreville, J.: Binder, a Logic-Based Security Language. In: SP 2002: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 105. IEEE Computer Society, Los Alamitos (2002)
Chu, Y.-H., Feigenbaum, J., LaMacchia, B., Resnick, P., Strauss, M.: Referee: Trust Management for Web Applications. World Wide Web J. 2(3), 127–139 (1997)
Herzberg, A., Mass, Y., Michaeli, J., Ravid, Y., Naor, D.: Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers. In: SP 2000: Proceedings of the 2000 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 2. IEEE Computer Society, Los Alamitos (2000)
Trusted Computing Group: TCG TPM Main Specification Version 1.1b (2005)
Poritz, J., Schunter, M., Herreweghen, E.V., Waidner, M.: Property Attestation: Scalable and Privacy-Friendly Security Assessment of Peer Computers. Technical report, IBM Research (May 2004)
Sadeghi, A.R., Stueble, C.: Property-Based Attestation for Computing Platforms: Caring about Properties, not Mechanisms. In: NSPW 2004: Proceedings of the New Security Paradigm Workshop (2004)
Nagarajan, A., Varadharajan, V., Hitchens, M.: Trust Management for Trusted Computing Platforms in Web Services. In: STC 2007: Proceedings of the 2007 ACM workshop on Scalable Trusted Computing, New York, NY, USA, pp. 58–62 (2007)
Yoshihama, S., Ebringer, T., Nakamura, M., Munetoh, S., Maruyama, H.: WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services. Technical report, IBM Research (February 2005)
TCG Infrastructure Working Group: Core Integrity Schema Specification (November 2006)
OASIS XACML Technical Committee: eXtensible Access Control Markup Language 3 (XACML) Version 2.0 (February 2005)
Hughes, J., Maler, E.: Technical Overview of the OASIS Security Assertion Markup Language (SAML) V1.1. OASIS (May 2004)
Kudo, M., Hada, S.: XML Document Security Based on Provisional Authorization. In: CCS 2000: Proceedings of the 7th ACM conference on Computer and Communications Security, pp. 87–96. ACM, New York (2000)
OASIS XACML Technical Committee: Web Services Profile of XACML (WS-XACML) Version 1.0 (December 2006)
Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.R., Stüble, C.: A Protocol for Property-Based Attestation. In: STC 2006: Proceedings of the first ACM workshop on Scalable Trusted Computing, New York, NY, USA, pp. 7–16 (2006)
Balacheff, B., Chen, L., Pearson, S., Plaquin, D., Proudler, G.: Trusted Computing Platforms - TCPA Technology in Context. Hewlett-Packard Books (2003)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Nagarajan, A., Varadharajan, V., Hitchens, M., Arora, S. (2008). On the Applicability of Trusted Computing in Distributed Authorization Using Web Services. In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_18
Download citation
DOI: https://doi.org/10.1007/978-3-540-70567-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer ScienceComputer Science (R0)