Abstract | ||
---|---|---|
In this paper we present PAMINA (Privilege Administration and Management INfrAstructure), a privilege management system using authorization certificates. Our system supports distributed environments where autonomous authorities can manage and delegate privileges in accordance with their own policies. We introduce Improved Certification Verification Trees (I-CVTs) that guarantee very efficient and trustworthy certificate management. I-CVTs can provide undeniable proofs for the non-existence of a given certificate in contrast to CVTs as proposed in (1). As a result, each authority can store its own I-CVT in a central, non-trusted, and replicable database. This database provides authenticated verifiers with basically only those certificates that are required to determine whether a user should be granted access to a resource or not. Since the system implements the pull model, clients need not be involved in the access control decision process. PAMINA handles delegation trees instead of simple delegation chains because authorities can delegate privileges in one certificate that were assigned to them by several certificates. In the prototype that we describe here, PAMINA manages certificates based on X.509. |
Year | Venue | Keywords |
---|---|---|
2002 | NDSS | access control, distributed environment, management system |
Field | DocType | Citations |
Authentication, Delegate, Computer security, Computer science, Access control, Certificate Management Protocol, Delegation, Certification, Privilege Management Infrastructure, Database, Certificate | Conference | 1 |
PageRank | References | Authors |
0.40 | 8 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Zoltán Nochta | 1 | 2 | 2.12 |
Peter Ebinger | 2 | 1 | 1.07 |
Sebastian Abeck | 3 | 170 | 30.71 |