Abstract
Existing proposals for adding cryptographic security mechanisms to Unix have secured numerous individual applications, but none provides a comprehensive, uniform approach. As a consequence, an ad hoc approach is required to fully secure a Unix environment, resulting in a lack of interoperability, duplication of security services, excessive administration and maintenance, and a greater potential for vulnerabilities. SESAME is a comprehensive security architecture, compatible with Kerberos. In particular, SESAME provides single or mutual authentication using either Kerberos or public-key cryptography, confidentiality and integrity protection of data in transit, role-based access control, rights delegation, multi-domain support and an auditing service. Because of SESAME's comprehensive range of security services, and because it scales well, SESAME is well suited for securing potentially all Unix applications in a uniform manner.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ashley, P., Vandenwauver, M., Broom, B. (1998). A uniform approach to securing Unix applications using SESAME. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053718
DOI: https://doi.org/10.1007/BFb0053718
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64732-4
Online ISBN: 978-3-540-69101-3
eBook Packages: Springer Book Archive