Abstract
Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.
This work was carried out while Trevor Jim was at the University of Pennsylvania.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kakkar, P., McDougall, M., Gunter, C.A., Jim, T. (2000). Certificate Distribution with Local Autonomy. In: Yasuda, H. (eds) Active Networks. IWAN 2000. Lecture Notes in Computer Science, vol 1942. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-40057-5_21
DOI: https://doi.org/10.1007/3-540-40057-5_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41179-6
Online ISBN: 978-3-540-40057-8
eBook Packages: Springer Book Archive