Development of the domain name system
SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
PLAN: a packet language for active networks
ICFP '98 Proceedings of the third ACM SIGPLAN international conference on Functional programming
Generalized certificate revocation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Policy-directed certificate retrieval
Software—Practice & Experience
The role of trust management in distributed systems security
Secure Internet programming
DNS and BIND
Service Configuration and Management in Adaptable Networks
DSOM '99 Proceedings of the 10th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Active Technologies for Network and Service Management
IWAN '99 Proceedings of the First International Working Conference on Active Networks
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of a such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.