Certificate distribution with local autonomy

Pankaj Kakkar; Michael McDougall; Carl A. Gunter; Trevor Jim

doi:10.1007/3-540-40057-5_21

Certificate distribution with local autonomy

Pankaj Kakkar, Michael McDougall, Carl A. Gunter, Trevor Jim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of a such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.

Original language	English (US)
Title of host publication	Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings
Editors	Hiroshi Yasuda
Publisher	Springer
Pages	277-295
Number of pages	19
ISBN (Electronic)	3540411798, 9783540411796
DOIs	https://doi.org/10.1007/3-540-40057-5_21
State	Published - 2000
Externally published	Yes
Event	2nd International Working Conference on Active Networks, IWAN 2000 - Tokyo, Japan Duration: Oct 16 2000 → Oct 18 2000

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	1942
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	2nd International Working Conference on Active Networks, IWAN 2000
Country/Territory	Japan
City	Tokyo
Period	10/16/00 → 10/18/00

Keywords

ABone
Access control
Active networks
Certificate distribution
Local autonomy
QCM
Query certificate manager
Security policy

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/3-540-40057-5_21

Library availability

Discover UIUC Full Text

Cite this

Kakkar, P., McDougall, M., Gunter, C. A., & Jim, T. (2000). Certificate distribution with local autonomy. In H. Yasuda (Ed.), Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings (pp. 277-295). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1942). Springer. https://doi.org/10.1007/3-540-40057-5_21

Certificate distribution with local autonomy. / Kakkar, Pankaj; McDougall, Michael; Gunter, Carl A. et al.

Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings. ed. / Hiroshi Yasuda. Springer, 2000. p. 277-295 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1942).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kakkar, P, McDougall, M, Gunter, CA & Jim, T 2000, Certificate distribution with local autonomy. in H Yasuda (ed.), Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 1942, Springer, pp. 277-295, 2nd International Working Conference on Active Networks, IWAN 2000, Tokyo, Japan, 10/16/00. https://doi.org/10.1007/3-540-40057-5_21

Kakkar P, McDougall M, Gunter CA, Jim T. Certificate distribution with local autonomy. In Yasuda H, editor, Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings. Springer. 2000. p. 277-295. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/3-540-40057-5_21

Kakkar, Pankaj ; McDougall, Michael ; Gunter, Carl A. et al. / Certificate distribution with local autonomy. Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings. editor / Hiroshi Yasuda. Springer, 2000. pp. 277-295 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9a1900712abe42eb8af5b5ba1b308a58,

title = "Certificate distribution with local autonomy",

abstract = "Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of a such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.",

keywords = "ABone, Access control, Active networks, Certificate distribution, Local autonomy, QCM, Query certificate manager, Security policy",

author = "Pankaj Kakkar and Michael McDougall and Gunter, {Carl A.} and Trevor Jim",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 2000.; 2nd International Working Conference on Active Networks, IWAN 2000 ; Conference date: 16-10-2000 Through 18-10-2000",

year = "2000",

doi = "10.1007/3-540-40057-5_21",

language = "English (US)",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "277--295",

editor = "Hiroshi Yasuda",

booktitle = "Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Certificate distribution with local autonomy

AU - Kakkar, Pankaj

AU - McDougall, Michael

AU - Gunter, Carl A.

AU - Jim, Trevor

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 2000.

PY - 2000

Y1 - 2000

N2 - Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of a such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.

AB - Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of a such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.

KW - ABone

KW - Access control

KW - Active networks

KW - Certificate distribution

KW - Local autonomy

KW - QCM

KW - Query certificate manager

KW - Security policy

UR - http://www.scopus.com/inward/record.url?scp=84937458435&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84937458435&partnerID=8YFLogxK

U2 - 10.1007/3-540-40057-5_21

DO - 10.1007/3-540-40057-5_21

M3 - Conference contribution

AN - SCOPUS:84937458435

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 277

EP - 295

BT - Active Networks - 2nd International Working Conference, IWAN 2000, Proceedings

A2 - Yasuda, Hiroshi

PB - Springer

T2 - 2nd International Working Conference on Active Networks, IWAN 2000

Y2 - 16 October 2000 through 18 October 2000

ER -

Certificate distribution with local autonomy

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this