Abstract:
We are developing a security model and architecture intended to provide general, scalable, and effective security services in open and highly distributed network environments. Our objective is to provide, especially for on-line scientific instrument systems, the same level and expressiveness of access control that is available to a local human controller of information and facilities, and the same authority, delegation, individual responsibility and accountability, and expressiveness of policy that one sees in specific environments within scientific organizations. Our model is based on a public-key infrastructure and cryptographically signed certificates that encode use-conditions defined by those directly responsible for a resource. Certificates encoding the user characteristics that satisfy those use-conditions are supplied by those who can attest to the characteristic. The collection of certificates specifying use-conditions and their satisfaction is combined with on-line (real-time) access control mechanisms to enable remote instrument operation. The real-time mechanisms are intended to provide a level and scope of credential validation commensurate with the consequences of the actions that are enabled or protected by the security system.
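The split the abstract describes, as an added example that is not code from the paper or its authors: the party responsible for a resource signs a use-condition naming the attribute a user must hold, a separate attester signs that a subject holds that attribute, and the on-line check grants access only when both signatures verify under the keys the resource itself trusts. The resource and subject names, the '|'-separated certificate encoding and the use of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is one signed statement. Kind "use-condition": Object is a resource and Attr the attribute a user must
// hold (issued by the resource's steward). Kind "attribute": Object is a subject the issuer attests holds Attr.
type Cert struct {
	Kind, Object, Attr string
	Issuer             ed25519.PublicKey // signing key; whether it is trusted is decided by the resource, not the cert
	Sig                []byte
}
// body is the signed encoding (a format constructed for this example; fields must not contain '|').
func body(kind, obj, attr string) []byte { return []byte(kind + "|" + obj + "|" + attr) }
// Issue signs a statement with the issuer's private key.
func Issue(priv ed25519.PrivateKey, kind, obj, attr string) Cert {
	return Cert{kind, obj, attr, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, body(kind, obj, attr))}
}

// verifiedBy checks that the certificate was signed by exactly the trusted key.
func (c Cert) verifiedBy(trusted ed25519.PublicKey) bool {
	return c.Issuer.Equal(trusted) && ed25519.Verify(c.Issuer, body(c.Kind, c.Object, c.Attr), c.Sig)
}

// Authorize is the on-line decision: the use-condition must name this resource and carry the steward's signature,
// and the subject must present a certificate for the required attribute signed by the attester trusted for it.
func Authorize(uc Cert, resource string, steward ed25519.PublicKey,
	attesters map[string]ed25519.PublicKey, subject string, creds []Cert) bool {
	if uc.Kind != "use-condition" || uc.Object != resource || !uc.verifiedBy(steward) {
		return false
	}
	attester, ok := attesters[uc.Attr] // no trusted attester for this attribute: fail closed
	for _, c := range creds {
		if ok && c.Kind == "attribute" && c.Object == subject && c.Attr == uc.Attr && c.verifiedBy(attester) {
			return true
		}
	}
	return false
}

func main() {
	stewardPub, stewardPriv, _ := ed25519.GenerateKey(rand.Reader)   // keys of the resource steward
	attesterPub, attesterPriv, _ := ed25519.GenerateKey(rand.Reader) // keys of a group administrator
	uc := Issue(stewardPriv, "use-condition", "beamline-7", "group:xray-team")
	cred := Issue(attesterPriv, "attribute", "alice", "group:xray-team")
	fmt.Println(Authorize(uc, "beamline-7", stewardPub, map[string]ed25519.PublicKey{"group:xray-team": attesterPub}, "alice", []Cert{cred})) // true
}
```

A certificate presented by the wrong subject, signed by a key the resource does not trust for that attribute, or altered after signing is rejected by the same check.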