Advances in telecommunications technology have resulted in the proliferation of large distributed systems in commercial environments. Distributed systems, however, are vulnerable to unauthorised access to resources and to compromise of information, of either integrity or confidentiality. Furthermore, a distributed system may contain a large number of mutually suspicious objects, which makes it hard to specify a security policy. In addition, such a system may cross organisational boundaries, necessitating decentralised security management. This thesis proposes a security architecture for distributed object systems that supports access control services based on the concept of a domain. Domains can be used to group objects in a hierarchical structure, to apply a common security policy, to reflect organisational or geographical structure, or to partition security management in order to cope with the complexity of large distributed systems. An access control policy specifies, in terms of domains, what operations a set of subjects is permitted to perform on a set of targets. In a distributed system, however, a client often delegates access rights to a proxy server so that it can perform operations on the client's behalf. As delegation of access rights should be controlled, the notion of the access control policy has been extended to deal with cascaded delegation. The security architecture provides a high degree of access control and authentication transparency to the application level by utilising security agents on each host. A policy dissemination mechanism has been developed to propagate policies through hierarchical domain structures to the agents of the concerned objects and to deal with changes in the domain structure. The access control mechanism, which is based on the Access Control List (ACL) paradigm, enforces access control policies specified in terms of domains and deals with cascaded delegation of access rights.
As the access control decisions are based on domain membership, there is a need to efficiently authenticate domain membership as well as object and user identity. The proposed intra-realm authentication system is based on symmetric cryptography to minimise the encryption/decryption overhead. Verification of domain membership is based on statements issued by the domain service and translated by the authentication system into the keys of the verifiers. Similarly, verification of delegation is based on delegation tokens issued by the grantors and translated into the keys of the end-points.
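The following Python sketch is an added illustration of the two ideas the abstract combines, domain-based policy and cascaded delegation; it is not code from the thesis. It assumes that a domain is a path in a hierarchy, that an object is a member of its own domain and of every enclosing domain, and that each delegation hop may pass on only a subset of the rights the grantor itself holds for the target (a constraint chosen here, not quoted from the thesis).

```python
# Added illustration: domain-based access control with cascaded delegation.
# Assumptions (not from the thesis): domains are hierarchical paths, an object
# belongs to its domain and all ancestors, and a delegation token can only
# narrow the grantor's own rights for the target.
from dataclasses import dataclass


def in_domain(member_domain: str, domain: str) -> bool:
    """True if member_domain equals domain or is nested inside it."""
    return member_domain == domain or member_domain.startswith(domain + "/")


@dataclass(frozen=True)
class Policy:              # "subjects in S may perform OPS on targets in T"
    subject_domain: str
    target_domain: str
    operations: frozenset


@dataclass(frozen=True)
class Delegation:          # token issued by grantor to a proxy (grantee)
    grantor: str
    grantee: str
    target_domain: str
    operations: frozenset


# Constructed sample data: object name -> the domain it is a member of.
MEMBERSHIP = {
    "alice": "/corp/finance/staff",
    "payroll-proxy": "/corp/services",
    "report-svc": "/corp/services",
    "ledger": "/corp/finance/ledgers",
}
POLICIES = [Policy("/corp/finance/staff", "/corp/finance/ledgers",
                   frozenset({"read", "update"}))]


def direct_rights(subject: str, target: str) -> set:
    """Operations granted to subject on target by domain-level policies."""
    rights = set()
    for p in POLICIES:
        if (in_domain(MEMBERSHIP[subject], p.subject_domain)
                and in_domain(MEMBERSHIP[target], p.target_domain)):
            rights |= p.operations
    return rights


def effective_rights(subject: str, target: str, chain: list) -> set:
    """Rights of the final grantee in a delegation chain starting at subject.
    A hop whose grantor is not the previous grantee, or whose token does not
    cover the target's domain, breaks the chain and yields no rights."""
    rights, current = direct_rights(subject, target), subject
    for d in chain:
        if d.grantor != current or not in_domain(MEMBERSHIP[target], d.target_domain):
            return set()
        rights &= d.operations      # each hop can only narrow the rights
        current = d.grantee
    return rights


def is_permitted(subject: str, operation: str, target: str, chain=()) -> bool:
    return operation in effective_rights(subject, target, list(chain))
```

An ACL-style enforcement point would call `is_permitted` with the delegation tokens presented by the proxy; a token whose grantor does not match the previous hop, or whose target domain does not cover the object, contributes nothing.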
full publication: http://www-dse.doc.ic.ac.uk/dse-papers/security/ny_thesis.tar.gz