Intrusion-tolerant fine-grained authorization for Internet applications

Authors:
V. Nicomette;D. Powell;Y. Deswarte;N. Abghour;C. Zanon
Affiliations:
CNRS, LAAS, 7 Avenue du Colonel Roche, F-31077 Toulouse, France and Université/ de Toulouse/ UPS, INSA, INP, ISAE/ LAAS/ F-31077 Toulouse, France;CNRS, LAAS, 7 Avenue du Colonel Roche, F-31077 Toulouse, France and Université/ de Toulouse/ UPS, INSA, INP, ISAE/ LAAS/ F-31077 Toulouse, France;CNRS, LAAS, 7 Avenue du Colonel Roche, F-31077 Toulouse, France and Université/ de Toulouse/ UPS, INSA, INP, ISAE/ LAAS/ F-31077 Toulouse, France;Université/ Hassan II Faculté/ des Sciences An Chock, Dé/partement de Mathé/matiques et Informatique, BP 5366 Maarif Casablanca 20100, Morocco;CNRS, LAAS, 7 Avenue du Colonel Roche, F-31077 Toulouse, France and Université/ de Toulouse/ UPS, INSA, INP, ISAE/ LAAS/ F-31077 Toulouse, France
Venue:
Journal of Systems Architecture: the EUROMICRO Journal
Year:
2011

Citing 15
Cited 0

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
Random oracles in constantipole: practical asynchronous Byzantine agreement using cryptography (extended abstract)

Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing
Distributed access-rights management with delegation certificates

Secure Internet programming
Symbolic Rights and Vouchers for Access Control in Distributed Object Systems

ASIAN '96 Proceedings of the Second Asian Computing Science Conference on Concurrency and Parallelism, Programming, Networking, and Security
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Delegation of Responsibility (Position Paper)

Proceedings of the 6th International Workshop on Security Protocols
Secure Intrusion-tolerant Replication on the Internet

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
PBDM: a flexible delegation model in RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Delegation Protocols for Electronic Commerce

ISCC '01 Proceedings of the Sixth IEEE Symposium on Computers and Communications
An Authorization Scheme For Distributed Object Systems

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
A fine-grained, controllable, user-to-user delegation method in RBAC

Proceedings of the tenth ACM symposium on Access control models and technologies
Intrusion-Tolerant Middleware: The Road to Automatic Security

IEEE Security and Privacy
Zyzzyva: speculative byzantine fault tolerance

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
A Distributed Secure System

Computer

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents the architecture of an authorization service proposed for composite operations involving many Internet partners. The main contributions of this paper are: (1) a scheme for access control systematically applied at the fine-grained level of each elementary operation, (2) a novel proof of authorization concept and flexible authorization delegation technique, and (3) the design and proof-of-concept implementation of an intrusion-tolerant prototype of the authorization architecture. The architecture is based on two component types: an authorization server and a set of reference monitors. The authorization server is in charge of distributing proofs of authorization for composite operations in the system. On each site involved in the execution of the composite operation, a local reference monitor is in charge of checking the validity of the proofs of authorization used for each elementary operation. The paper presents the overall design of the authorization service. It also includes a brief description of the prototype that was developed as well as performance measures.