by Winfried E. Kuhnhauser
In Proceedings of the 6th Canadian Computer Security Symposium
http://www.prakinf.tu-ilmenau.de/~kuehnhau/publications/cd.ps
Abstract:
The paper addresses the problem of trust in large computer networks that connect several independent organizations. While in such networks it is politically difficult to agree upon one single common point of trust and one single global network security policy, few networks exist in which no system trusts any other system. Thus we observe that systems in a network form clusters, based on the sharing of a common point of trust or a common security policy. One of the major assumptions in this paper is that trust cannot be achieved on a simple technical or mechanical level alone. We introduce confidence domains as an approach to describe human belief in the trustworthiness of systems and thus make this knowledge available to the system's security components. The paper describes the concept of confidence domains together with the paradigms used to define and establish them. It gives examples of how confidence domains can be exploited as a foundation for security policies. The paper also describes mechanisms needed to enforce confidence domains in an open network and concludes with a detailed description of an implementation for the BirliX Security Architecture.