Optimality of multi-domain protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Endorsements, licensing, and insurance for distributed system services
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Path independence for authentication in large-scale systems
Proceedings of the 4th ACM conference on Computer and communications security
Resilient Authentication Using Path Independence
IEEE Transactions on Computers
Authentication metric analysis and design
ACM Transactions on Information and System Security (TISSEC)
Towards a theory of trust in networks of humans and computers
SP'11 Proceedings of the 19th international conference on Security Protocols
Hi-index | 0.00 |
In this paper we define and rationalize a policy for propagation of authentication trust across realm boundaries. This policy helps limit global security exposures that ensue whenever an authentication service is compromised. It is based on a hierarchical model of inter-realm authentication, and can be supported by both public-key and secret-key systems. As an example, we present a simple protocol which selects inter-realm authentication paths that satisfy the policy. The protocol is part of a design which provides application transparency for inter-realm, authentication-path selection and acceptance as the default mode of opera lion. The design can be integrated with the security services of existing systems; e.g., of theOpen Software Foundation's Distributed Computing Environment (DCE). DCE implementation issues are also discussed.