Abstract
Access controlin modern computing environments is different from access controlin the traditional setting of operating systems. For distributed computing systems, specification and enforcement of permissions can be based on a public key infrastructure which deals with public keys for asymmetric cryptography. Previous approaches and their implementations for applying a public key infrastructure are classified as based either on trusted authorities with licencing or on owners with delegations. We present the architecture and main features of a trust management infrastructure based on a hybrid model which unifies and extends the previous public key infrastructure approaches. The trust management infrastructure constitutes a flexible framework for experimenting with the applications of different trust models.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
The Apache XML project. http://xml.apache.org/.
ITU-T recommendation X.509: The directory-public-key and attribute certificate frameworks, 2000.
Dueling theologies. In 1st Annual PKI Research Workshop, Gaithersburg, Maryland, USA, Apr. 2002.
IBM XML Security Suite. http://alphaworks.ibm.com/tech/xmlsecuritysuite/, Apr. 2002.
C. Altenschmidt, J. Biskup, U. Flegel, and Y. Karabulut. Secure mediation: Requirements, design and architecture. Journal of Computer Security. To appear.
C. Altenschmidt, J. Biskup, J. Freitag, and B. Sprick. Weakly constraining multimedia types based on a type embedding ordering. In Proceedings of the 4th International Workshop on Multimedia Information Systems, pages 121–129, Istanbul, Turkey, Sept. 1998.
J. Biskup and Y. Karabulut. A hybrid PKI model with an application for secure mediation. In 16th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Cambridge, England, July 2002. To appear.
J. Biskup and Y. Karabulut. Mediating between strangers: A trust management based approach. In 2nd Annual PKI Research Workshop, Gaithersburg, USA, Apr. 2003. To appear.
M. Blaze, J. Feigenbaum, and A. Keromytis. The KeyNote trust management system version 2. RFC 2704, IETF, Sept. 1999.
P. Bonatti and P. Samarati. Regulating service access and information release on the web. In Proceedings of the 7th ACM Conference on Computer and Communication Security, pages 134–143, Athens, Greece, Nov. 2000.
D. Clarke, J.-E. Elien, C. Ellison, M. Fredette, A. Morcos, and R. L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 9(4):285–322, 2001.
D. Eastlake, J. Reagle, and D. Solo. XML signature core syntax and processing. http://www.ietf.org/rfc/rfc3275.txt, work in progress, RFC 3275, Internet Engineering Task Force, Mar. 2002.
C. Ellison. SPKI/SDSI certificates. http://world.std.com/~cme/html/spki.html, Aug. 2001.
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. Simple public key certification. Internet draft, work in progress. http://www.ietf.org/ids.by.wg/spki.html, June 1999.
T. Finin, Y. Labrou, and J. Mayfield. KQML as an agent communication language. In J. M. Bradshaw, editor, Software Agents. MIT Press, Cambridge, 1997. http://www.cs.umbc.edu/kqml/papers/.
Q. He, K. P. Sycara, and T. Finin. PersonalSecurit y Agent: KQML-Based PKI. In Proceedings of the 2nd International Conference on Autonomous Agents, pages 377–384. ACM Press, 1998.
A. Herzberg and Y. Mass. Relying party credentials framework. In D. Naccache, editor, Topics in Cryptology-CT-RSA 2001, The Cryptographer’s Track at RSA Conference, LNCS 2020, pages 328–343, San Francisco, CA, 2001.
P. Hildebrand. Design and implementation of a KQML-based hybrid PKI for secure mediation. Master’s thesis, Department of Computer Science, University of Dortmund, Apr. 2002.
IETF X.509 Working Group. Public-key infrastructure (X.509). http://www.ietf.org/html.charters/pkix-charter.html, 1998.
Y. Karabulut. Secure Mediation Between Strangers in Cyberspace. PhD thesis, University of Dortmund, 2002.
C. Kröger. Integration of access control systems into a credential-based security environment. Master’s thesis, Department of Computer Science, University of Dortmund, Sept. 2000.
P. Lehmann. Design and implementation of a credential manager. Master’s thesis, Department of Computer Science, University of Dortmund, Apr. 2002.
N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust-management framework. In IEEE Symposium on Security and Privacy, pages 114–130, Berkeley, California, USA, May 2002.
P. Nikander. An architecture for authorization and delegation in distributed Object-Oriented Agent Systems. PhD thesis, Helsinki University of Technology, Mar. 1999.
Object Management Group. The common object request broker, architecture and specification. CORBA 2.3.1/IIOP specification. http://www.omg.org/library/c2indx.html, Dec. 1998.
X. Orri and J. M. Mas. SPKI-XML certificate structure. Internet Draft draft-orri-spki-xml-cert-struc-00.txt, work in progress, Internet Engineering Task Force, Nov. 2001.
J. Reagle. XML signature requirements. http://www.ietf.org/rfc/, work in progress, RFC 2807, Internet Engineering Task Force, July 2000.
K. Seamons, M. Winslett, T. Yu, B. Smith, E. Child, and J. Jacobsen. Protecting privacy during on-line trust negotiation. In 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA, Apr. 2002. To appear.
Sun Microsystems. Keytool-Key and Certificate Management Tool. http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html.
C. Thirunavukkarasu, T. Finin, and J. Mayfield. Secret agents-a security architecture for the KQML agent communication language. In 4th International Conference on Information and Knowledge Management-Workshop on Intelligent Information Agents, Baltimore, Maryland, USA, Dec. 1995.
W. Thompson, W. Johnston, S. Mudumbai, G. Hoo, K. Jackson, and A. Essiari. Certificate-based access control for widely distributed resources. In Proceedings of the 8th USENIX Security Symposium, Washington D.C., Aug. 1999.
M. Winslett, N. Ching, V. Jones, and I. Slepchin. Assuring security and privacy for digital library transactions on the web: Client and server security policies. In Proceedings of Forum on Research and Technical Advances in Digital Libraries (ADL’97), pages 140–152, Washington, DC, May 1997.
T. Yu, M. Winslett, and K. Seamons. Interoperable strategies in automated trust negotiation. In Proceedings of 8th ACM Computer Conference on Computer and Communication Security, pages 146–155, Philedelphia, Pennsylvania, Nov. 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Karabulut, Y. (2003). Implementation of an Agent-Oriented Trust Management Infrastructure Based on a Hybrid PKI Model. In: Nixon, P., Terzis, S. (eds) Trust Management. iTrust 2003. Lecture Notes in Computer Science, vol 2692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44875-6_23
Download citation
DOI: https://doi.org/10.1007/3-540-44875-6_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40224-4
Online ISBN: 978-3-540-44875-4
eBook Packages: Springer Book Archive