Skip to main content
SpringerLink
Log in

Distributed Access-Rights Management with Delegation Certificates

  • Chapter
Secure Internet Programming

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))

Abstract

New key-oriented discretionary access control systems are based on delegation of access rights with public-key certificates. This paper explains the basic idea of delegation certificates in abstract terms and discusses their advantages and limitations. We emphasize decentralization of authority and operations. The discussion is based mostly on the SPKI certificates but we avoid touching implementation details. We also describe how threshold and conditional certificates can add flexibility to the system. Examples are given of access control between intelligent networks services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Martín Abadi. On SDSI’s linked local name spaces. In Proc. 10th IEEE Computer Security Foundations Workshop, pages 98–108, Rockport, MA, June 1997. IEEE Computer Society Press.

    Google Scholar 

  2. Martín Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706–734, September 1993.

    Article  Google Scholar 

  3. Tuomas Aura. Fast access control decisions from delegation certificate databases. In Proc. 3rd Australasian Conference on Information Security and Privacy ACISP’ 98, volume 1438 of LNCS, pages 284–295, Brisbane, Australia, July 1998. Springer Verlag.

    Google Scholar 

  4. Tuomas Aura. On the structure of delegation networks. In Proc. 11th IEEE Computer Security Foundations Workshop, pages 14–26, Rockport, MA, June 1998. IEEE Computer Society Press.

    Google Scholar 

  5. Tuomas Aura and Dieter Gollmann. Software license management with smart cards. In Proc. USENIX Workshop on Smartcard Technology, Chicago, May 1999. USENIX Association.

    Google Scholar 

  6. Tuomas Aura, Petteri Koponen, and Juhana Räsänen. Delegation-based access control for intelligent network services. In Proc. ECOOP Workshop on Distributed Object Security, Brussels, Belgium, July 1998.

    Google Scholar 

  7. D. Elliott Bell and Leonard. J. LaPadula. Secure computer systems: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, The Mitre Corporation, Bedford MA, USA, March 1976.

    Google Scholar 

  8. Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. The role of trust management in distributed systems security. In J. Vitek and C. Jensen, editors, Secure Internet Programming: Security Issues for Distributed and Mobile Objects, LNCS. Springer-Verlag Inc, New York, NY, USA, 1999.

    Google Scholar 

  9. Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proc. 1996 IEEE Symposium on Security and Privacy, pages 164–173, Oakland, CA, May 1996. IEEE Computer Society Press.

    Google Scholar 

  10. Matt Blaze, Joan Feigenbaum, and Martin Strauss. Compliance checking in the PolicyMaker trust management system. In Proc. Financial Cryptography 98, volume 1465 of LNCS, pages 254–271, Anguilla, February 1998. Springer.

    Chapter  Google Scholar 

  11. David F. Brewer and Michael J. Nash. The Chinese wall security policy. In Proc. IEEE Symposium on Research in Security and Privacy, pages 206–214, Oakland, CA, May 1989. IEEE Computer Society Press.

    Google Scholar 

  12. Recommendation X.509, The Directory-Authentication Framework, volume VIII of CCITT Blue Book, pages 48–81. CCITT, 1988.

    Google Scholar 

  13. Carl M. Ellison. Establishing identity without certification authorities. In Proc. 6th USENIX Security Symposium, pages 67–76, San Jose, CA, July 1996. USENIX Association.

    Google Scholar 

  14. Carl M. Ellison, Bill Franz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylönen. SPKI certificate theory, Simple public key certificate, SPKI examples. Internet draft, IETF SPKI Working Group, November 1997.

    Google Scholar 

  15. Carl M. Ellison, Bill Franz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylönen. SPKI certificate theory. Internet draft, IETF SPKI Working Group, October 1998.

    Google Scholar 

  16. M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed system security architecture. In Proc. National computer security conference, pages 305–319, Baltimore, MD, USA, October 1989.

    Google Scholar 

  17. Li Gong. A secure identity-based capability system. In Proc. 1989 IEEE Symposium on Research in Security and Privacy, pages 56–63, Oakland, CA, May 1989. IEEE, IEEE Computer Society Press.

    Google Scholar 

  18. J. Kohl and C. Neuman. The Kerberos network authentication service (V5). RFC 1510, IETF Network Working Group, September 1993.

    Google Scholar 

  19. Petteri Koponen, Juhana Räsänen, and Olli Martikainen. Calypso service architecture for broadband networks. In Proc. IFIP TC6 WG6.7 International Conference on Intelligent Networks and Intelligence in Networks. Chapman & Hall, September 1997.

    Google Scholar 

  20. Ilari Lehti and Pekka Nikander. Certifying trust. In Proc. First International Workshop on Practice and Theory in Public Key Cryptography PKC’98, volume 1431 of LNCS, Yokohama, Japan, February 1998. Springer.

    Google Scholar 

  21. Nataraj Nagaratnam and Doug Lea. Secure delegation for distributed object environments. In Proc. 4th USENIX Conference on Object-Oriented Technologies and Systems (COOTS), pages 101–115, Santa Fe, NM, April 1998. USENIX Association.

    Google Scholar 

  22. A guide to understanding discretionary access control in trusted systems. Technical Report NCSC-TG-003 version-1, National Computer Security Center, September 1987.

    Google Scholar 

  23. Pekka Nikander and Lea Viljanen. Storing and retrieving Internet certificates. In Proc. 3rd Nordic Workshop on Secure IT Systems NORDSEC’98, Trondheim, Norway, November 1998.

    Google Scholar 

  24. Ronald L. Rivest and Butler Lampson. SDSI — A simple distributed security infrastucture. Technical report, April 1996.

    Google Scholar 

  25. Edward P. Wobber, Martín Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3–32, February 1994.

    Article  Google Scholar 

  26. Philip Zimmermann. The Official PGP User’s Guide. MIT Press, June 1995.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratory for Theoretical Computer Science, Helsinki University of Technology, P.O. Box 1100, FIN-02015 HUT, Finland

    Tuomas Aura

Authors
  1. Tuomas Aura
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Object Systems Group, University of Geneva, CH-1211, Geneva 4, Switzerland

    Jan Vitek

  2. Department of Computer Science, O’Reilly Institute, Trinity College Dublin, Dublin 2, Ireland

    Christian D. Jensen

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Aura, T. (1999). Distributed Access-Rights Management with Delegation Certificates. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_9

Download citation

  • DOI: https://doi.org/10.1007/3-540-48749-2_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation