Public key management has received considerable attention from both the research and commercial communities as a useful primitive for secure electronic commerce and secure communication. While the mechanics of certifying and revoking public keys and escrowing and recovering private keys have been widely explored, less attention has been paid to access control frameworks for regulating access to stored keys by different parties. In this article we propose such a framework for a key management service that supports public key registration, lookup, and revocation, and private key escrow, protected use (e.g., to decrypt selected messages), and recovery. We propose an access control model using a policy based on principal, ownership, and authority relationships on keys. The model allows owners to grant to others (and revoke) privileges to execute various actions on their keys. The simple authorization language is very expressive, enabling the specification of authorizations for composite subjects that can be fully specified (ground) or partially specified, thus making the authorizations applicable to all subjects satisfying some conditions. We illustrate how the access control policy and the authorizations can easily be expressed through a simple and restricted, hence efficiently computable, form of logic language.