This paper presents the architecture of an authorization service proposed for composite operations involving many Internet partners. The main contributions of this paper are: (1) a scheme for access control systematically applied at the fine-grained level of each elementary operation, (2) a novel proof of authorization concept and flexible authorization delegation technique, and (3) the design and proof-of-concept implementation of an intrusion-tolerant prototype of the authorization architecture. The architecture is based on two component types: an authorization server and a set of reference monitors. The authorization server is in charge of distributing proofs of authorization for composite operations in the system. On each site involved in the execution of the composite operation, a local reference monitor is in charge of checking the validity of the proofs of authorization used for each elementary operation. The paper presents the overall design of the authorization service. It also includes a brief description of the prototype that was developed as well as performance measures.