
Authorization with security attributes and privilege delegation

Published: 01 July 1997

Abstract

This paper focuses on authorization in distributed environments. The typical authorization scheme employs access control lists; however, the scheme has problems when it is applied to a large-scale network. We introduce a new authorization scheme, compare it with the old scheme, and present an implementation of an information server which adopts the new scheme. As a part of authorization, delegation of privileges is important; however, current delegation mechanisms have problems when the delegation crosses a boundary of security domains. We propose a solution which refers to security information of other security domains through a directory service.


Cited By

  • (2024) Leakage of Authorization-Data in IoT Device Sharing: New Attacks and Countermeasure. IEEE Transactions on Dependable and Secure Computing 21:4 (3196-3210). DOI: 10.1109/TDSC.2023.3323713. Online publication date: 1-Jul-2024
  • (2020) Shattered chain of trust. Proceedings of the 29th USENIX Conference on Security Symposium (1183-1200). DOI: 10.5555/3489212.3489279. Online publication date: 12-Aug-2020

Published In

Computer Communications, Volume 20, Issue 5
July, 1997
93 pages

Publisher

Elsevier Science Publishers B. V., Netherlands


Author Tags

  1. Access control decision function
  2. Authorization
  3. Delegation
  4. Privilege
  5. Privilege attribute certificate
