Abstract
In new key-oriented access control systems, access rights are delegated from key to key with chains of signed certificates. This paper describes an efficient graph-search technique for making authorization decisions from certificate databases. The design of the algorithm is based on conceptual analysis of typical delegation network structure and it works well with threshold certificates. Experiments with generated certificate data confirm that it is feasible to find paths of delegation in large certificate sets. The algorithm is an essential step towards efficient implementation of key-oriented access control.
This work has been funded by Helsinki Graduate School in Computer Science and Engineering (HeCSE) and supported by research grants from Academy of Finland.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aura, T. (1998). Fast access control decisions from delegation certificate databases. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053741
DOI: https://doi.org/10.1007/BFb0053741
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64732-4
Online ISBN: 978-3-540-69101-3
eBook Packages: Springer Book Archive