Abstract
This paper argues that security design for Open Distributed Processing (ODP) would benefit from a shift of focus from the infrastructure to individual servers as the owners and enforcers of security policy. It debates the policy nuances, mechanisms, and protocol design consequences, that would follow from such a change of emphasis. In ODP, physically separate systems federate into heterogeneous networks of unlimited scale, so there can be no central authority, nor ubiquitous security infrastructure. Servers that offer, trade, supply and consume services must maintain their own security policies and defend themselves. For servers to take security policy and enforcement decisions, design is concerned with how they might seek advice and guidance from higher authority. This contrasts with an administrator imposed policy on a closed homogeneous network, where an infrastructure enforces administrator declared access rights to potential clients, including rights to delegate rights.
Chapter PDF
Keywords
- Smart Card
- Security Policy
- Authentication Protocol
- Authentication Service
- Defense Advance Research Project Agency
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Abadi, M. Burrows, C. Kaufman, and B. Lampson Authentication and Delegation with Smart-Cards DEC Systems Research Center, Report No.67, Oct 1990.
Architecture Projects Management Ltd (ANSA) The Application Programmers' Introduction to the Architecture Technical Reports TR 017.00, 1991.
R J. van der Linden and J. Sventek The ANSA Trading Service IEEE Distributed Processing Committee Newsletter, Vol. 13, No. 4, 1991.
J.A. Bull Object Request Broker RFP Response OMG: 91.1.2, to the Object Management Group. Architecture Projects Management Ltd, CO.059.00, 08 Jan 1991.
M. Burrows, M. Abadi, R.M. Needham A Logic for Authentication ACM Trans. on Computer Systems, Vol.8, No.1, Feb 1990, pp.18–36.
ECMA Security in Open Systems: A Security Framework. ECMA TR 46, Jul 1988.
ECMA Security in Open Systems: Data Elements and Service Definitions ECMA TR 138, Dec 1989.
M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson The Digital Distributed System Security Architecture Proc. of the 12th National Computer Security Conference NIST/NCSC, Oct 1989, pages 305–319.
L. Gong A Secure Identity-Based Capability System Proc. of the IEEE Symp. on Security and Privacy Oakland, California, May 1989, pp 56–63
L. Gong Using One-Way Functions for Authentication ACM Computer Comms Review, Vol.19, No.5, Oct 1989, pp.8–11.
L. Gong, R. Needham, and R. Yahalom Reasoning about Belief in Cryptographic Protocols Proc. of the IEEE 1990 Symp. on Security and Privacy Oakland, California, May 1990, pp.234–248.
J.Y. Halpern and Y. Moses Knowledge and Common Knowledge in a Distributed Environment Proc. of the 3rd ACM Symp. on Principles of Distributed Computing Vancouver, British Columbia, Aug 1984, pp.50–61.
ISO ODP Basic Reference Model of Open Distributed Processing Part 2: Descriptive Model ISO/TEC JTC1/SC21/WG7 N315, Mar 1991 (and later revisions) and ISO/EEC JTC1/SC21 N6079 (draft), May 1991 (and later revisions) Part 3: Prescriptive Model ISO/TEC JTC1/SC21 N6080 (draft). May 1991 (and later revisions).
Working draft Security Frameworks Overview ISO/IEC JTC1/SC21N6166 and N6080, Jul 1991.
P.A. Karger New Methods for Immediate Revocation Proc. of the IEEE Symp. on Security and Privacy Oakland, California, May 1989, pp.48–55.
B.W. Lampson Protection Proc. of the 5th Princeton Symp. on Info. Sciences and Systems, March, 1971. Reprinted in ACM Operating. Systems Review, Vol.8, No.1, Jan 1974, pp.18–24.
B. Lampson, M. Abadi, M. Burrows, and E. Wobber Authentication in Distributed Systems: Theory and Practice Proc. of the 13th ACM Symp. on Operating Systems Principles, Oct 1991 Publ. as ACM Op. Systems Review, Vol 25, No.5, pp.165–182. Also as, DEC Systems Research Center, Report No.83, Feb 1992.
H.M. Levy Capability-Based Computer Systems Digital Press, 1984.
R.C. Merkte Protocols for Public Key Crypto-systems Proc. of the IEEE Symp. on Security and Privacy Oakland, California, May 1980, pp.122–134.
N.H. Minsky Selective and Locally Controlled Transport of Privilege ACM Trans on Prog Langs and Systs, Vol.6, No.4, Oct 1984, pp.573–602.
R.M. Needham and M.D. Schroeder Using Encryption for Authentication in Large Networks of Computers Communications of the ACM, Vol.21, No.12, Dec 1978, pp.993–999.
D.J. Otway and O. Rees Efficient and Timely Mutual Authentication ACM Op. System Review. Vol.21, No.1, Jan 1987, pp.8–10.
R.L. Rivest Cryptography In J. van Leeuwen, editor: Handbook of Theoretical Computer Science Volume A, Algorithms and Complexity, chapter 13, pages 717–755. Elsevier Science Publishers B. V., 1990.
A. Shamir Identity Based Crypto-systems and Signature Schemes Proc. of Crypto'84, Aug 1984, pp.47–53.
A. Snyder Inheritance and the Development of Encapsulated Software Components In B. Shriver and P. Wegner ed.: Research Directions in Object-Oriented Programming MIT Press, 1987,pp.l65–188.
K. Sollins Cascaded Authentication Proc. of the IEEE Symp. on Security and Privacy Oakland, California, Apr 1988, pp.156–163.
J.G. Steiner, C. Neuman, and J.I. Schiller Kerberos: An Authentication Service for Open Network Systems Proc. of the USENIX Winter Conference, Feb 1988, pp.191–202.
S.T. Vintner Extended Discretionary Access Controls Proc. of the IEEE Symp. on Security and Privacy Oakland, California, Apr 1988, pp.39–49.
V.L. Vodyock and S.T. Kent Security Mechanisms in High-Level Network Protocols ACM Computing Surveys, Vol.15, No.2, Jun 1983, pp.135–171.
Simon Wiseman A Secure Capability Computer System Proc. of the IEEE Symp. on Security and Privacy Oakland, California, Apr 1986, pp.86–94.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1992 Springer-Verlag
About this paper
Cite this paper
Bull, J.A., Gong, L., Sollins, K.R. (1992). Towards security in an open systems federation. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013889
Download citation
DOI: https://doi.org/10.1007/BFb0013889
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive