Correcting a delegation protocol for grids

Authors:
Benjamin Aziz
Affiliations:
School of Computing, University of Portsmouth, Portsmouth, United Kingdom
Venue:
TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Year:
2011

Citing 12
Cited 0

Delegation is inheritance

OOPSLA '87 Conference proceedings on Object-oriented programming systems, languages and applications
Proxy signatures, Revisited

ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Framework for role-based delegation models

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
On the Structure of Delegation Networks

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
The Dolev-Yaho Intruder is the Most Powerful Attacker

LICS '01 Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science
Provably secure delegation-by-certification proxy signature schemes

InfoSecu '04 Proceedings of the 3rd international conference on Information security
Supporting conditional delegation in secure workflow management systems

Proceedings of the tenth ACM symposium on Access control models and technologies
On the security of public key protocols

SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
DToken: A Lightweight and Traceable Delegation Architecture for Distributed Systems

SRDS '09 Proceedings of the 2009 28th IEEE International Symposium on Reliable Distributed Systems
DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers

POLICY '10 Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks
Verifying a delegation protocol for grid systems

Future Generation Computer Systems
A Delegation Solution for Universal Identity Management in SOA

IEEE Transactions on Services Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Delegation is one important aspect of large-scale distributed systems where many processes and operations run on behalf of system users and clients in order to achieve highly computational and resource intensive tasks. As such, delegation is often synonymous with the concept of trust, in that the delegator would expect some degree of reliability regarding the delegatee's ability and predictability to perform the delegated task. The delegation protocol itself is expected to maintain certain basic properties, such as integrity, traceability, accountability and the ability to determine delegation chains. In this paper, we give an overview of the vulnerabilities that one such delegation protocol exhibits, namely DToken, a lightweight protocol for Grid systems, as interesting examples of design mistakes. We also propose an alternative protocol, DToken II, which fixes such vulnerabilities.