a trust based delegation system for managing access control

《a trust based delegation system for managing access control》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、ATRUSTBASEDDELEGATIONSYSTEMFORMANAGINGACCESSCONTROLRainerSteffen,RudiKnorr*AbstractTrustisconsideredtobeapowerfulapproachformanagingaccesscontrolinpervasivecomputingscenarios.Weintroduceanoveldelegationsystemthatdescribesdigitaltrustbetweenusersbymeansofcryptog

2、raphicallysecuredtokens.Thedelegationsystemisorganizedbytheusersthemselvesinafullydistributedmanner.Acentralinstancelikeapublickeyinfrastructureisnotrequired.Thesystemsupportsanonymity,providesahighusabilityandissuitableforusewithinpervasivecomputingscenarios.1

3、.IntroductionSecuritymanagementinpervasivecomputingscenariosisachallengingtask.Wehavetocopewithdynamicandheterogeneousnetworks,alargenumberofdifferentdevices,usersandservices.Toenableasecurecollaborationbetweenalltheactors,anefficientaccesscontrolisessential.In

4、traditionalcomputerandcommunicationnetworks,accesscontrolismostlymanagedbystaticaccesscontrollists(ACLs).TheseACLscontaininformationabouttheobjectsthathavetobeprotected(e.g.datafilesorservices)andthesubjects(e.g.users)whichhavetherighttoaccesstheseobjects.Manag

5、ementofaccesscontrolbyACLspresumesthattheobjectshaveknowledgeaboutallthepotentialsubjects,whichmightaccesstheobject.Infuturepervasivescenarios,thiskindofaccesscontrolmechanismisunsuitable.FirstlytheadministrativeoverheadformanagingtheACLsinadynamicscenariowitha

6、multitudeofdevices,usersandservicesisincreasingtremendously.Secondlythereisnosupportofunknowndevicesandusersastheycanappearinpervasiveandad-hocnetworks.Apowerfulapproachtoovercometheseproblemsisdeliveredbythetrust-paradigm.InsteadoforinadditiontoaninflexibleACL

7、configuration,trustrelationshipsbetweentheusersareutilizedtogainaccesstotheobjects.Thegoalistomapthenaturaltrustbetweenhumanstothedigitalworld.Oneofthetrustapproachesistheso-calleddelegationsystemwhichenablesuserstoexpressandenforcethetrusttheyhaveinothersbymea

8、nsofdigitaltrusttokens.Inthefollowingweelaborateanovelanduser-friendlytrustbaseddelegationsystemthatissuitablefortheusewithinpervasivecomputingscenarios.Thispaperisorganized