Fast access control decisions from delegation certificate databases

  • Conference paper
Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1438)

Abstract

In new key-oriented access control systems, access rights are delegated from key to key with chains of signed certificates. This paper describes an efficient graph-search technique for making authorization decisions from certificate databases. The design of the algorithm is based on conceptual analysis of typical delegation network structure and it works well with threshold certificates. Experiments with generated certificate data confirm that it is feasible to find paths of delegation in large certificate sets. The algorithm is an essential step towards efficient implementation of key-oriented access control.

This work has been funded by Helsinki Graduate School in Computer Science and Engineering (HeCSE) and supported by research grants from Academy of Finland.

Editor information

Colin Boyd, Ed Dawson

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aura, T. (1998). Fast access control decisions from delegation certificate databases. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053741

  • DOI: https://doi.org/10.1007/BFb0053741

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64732-4

  • Online ISBN: 978-3-540-69101-3

  • eBook Packages: Springer Book Archive
