On the Applicability of Trusted Computing in Distributed Authorization Using Web Services
Abstract
Distributed authorization provides the ability to control access to resources spread over the Internet. Typical authorization systems consider a range of security information like user identities, role identities or even temporal, spatial and contextual information associated with the access requestor. However, the ability to include computing platform related information has been quite limited due to constraints in identification and validation of platforms when distributed. Trusted computing is an exciting technology that can provide new ways to bridge this gap. In this paper, we provide the first steps necessary to achieving distributed authorization using trusted computing platforms. We introduce the notion of a Property Manifest that can be used in the specification of authorization policies. We provide an overview of our authorization architecture, its components and functions. We then illustrate the applicability of our system by implementing it in a Web service oriented
Similar resources
Trust Enhanced Authorization for Distributed Systems
The trust-management approach to distributed system security is developed as an answer to the inadequacy of traditional authorization mechanism. The subjective concept of trust not only enables users to better understand the paradigm of pervasive computing, but also opens new direction of research for solving existing problems such as security [8], management of online communities or e-service...
A Reusable, Secure Reference Monitor Based on the Aura Programming Language
Aura (Jia et al., 2008; Vaughan et al., 2008) is a dependently typed higher-order programming language. It was designed to facilitate the automation of institutional access control policy. Following the Curry-Howard isomorphism, Aura types correspond to logical propositions and its expressions correspond to proofs. At runtime, Aura programs manipulate evidence to construct these authorization p...
Engineering Attestable Services (short paper)
Web services require complex middleware in order to communicate using XML standards. However, this software increases vulnerability to runtime attack and makes remote attestation difficult. We propose to solve this problem by dividing services onto two platforms, an untrusted front-end, implementing the middleware, and a trustworthy back-end with a minimal trusted computing base.
A Security Architecture for Web Services
Web services are quickly becoming the most popular tool for distributed computing. Due to this popularity a comprehensive security architecture is needed. In this paper we introduced such a comprehensive architecture that includes, in addition to the standard services of integrity and confidentiality, authentication, authorization and a defense against denial of service attacks. This model builds o...
Outsourced Security Policy Updates Through Role Hierarchies for Security and Isolation in Cloud Computing
Cloud computing is a shared medium used for effectively utilizing the resources to deliver computing capabilities as a service. It gives a combined effect derived from multiple computing paradigms such as distributed, autonomic, grid, elasticity and utility. The cloud provides services in browser dependent environment from trusted third party server. Here, elasticity offers varying load on the ...