The PERMIS X.509 role based privilege management infrastructure

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

The PERMIS X.509 role based privilege management infrastructure

Full text

Pdf (180 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the seventh ACM symposium on Access control models and technologies table of contents

Monterey, California, USA

SESSION: Applications table of contents

Pages: 135 - 140

Year of Publication: 2002

ISBN:1-58113-496-7

Authors

David W. Chadwick	University of Salford, Salford
Alexander Otenko	University of Salford, Salford

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 4, Downloads (12 Months): 38, Citation Count: 15

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/507711.507732 What is a DOI?

ABSTRACT

This paper describes the output of the PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 attribute certificate, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java and the Java API is simple to use, comprising of just 3 methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs attribute certificates and stores them in an LDAP directory for subsequent use by the ADF.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Carlisle Adams , Steve Lloyd, Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations, Macmillan Technical Publishing, 1999
	2	Tom Austin, PKI: A Wiley Tech Brief, John Wiley & Sons, Inc., New York, NY, 2000
	3	Blaze, M., Feigenbaum, J., Ioannidis, J. "The KeyNote Trust-Management System Version 2", RFC 2704, September 1999.
	4	David W. Chadwick , Alexander Otenko, RBAC Policies in XML for X.509 Based Privilege Management, Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives, p.39-54, May 07-09, 2002
	5	Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
	6	Russ Housley , Tim Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure, John Wiley & Sons, Inc., New York, NY, 2001
	7	ITU-T Rec. X.509 (2000) \| ISO/IEC 9594-8 The Directory: Authentication Framework.
	8	ITU-T Rec X.812 (1995) \| ISO/IEC 10181-3:1996 "Security Frameworks for open systems: Access control framework.
	9	Sandhu, R. and Samarati, P. "Access controls, principles and practice". IEEE Communications, 32(9), pp 40--48, 1994.
	10	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	11	{AZN} The Open Group. "Authorization (AZN) API", January 2000, ISBN 1-85912-266-3.

CITED BY 16

	Vincent C. Hu , Karen Scarfone , Serban I. Gavrila , David F. Ferraiolo, A trust domain management schema for multiple grid environments, Proceedings of the 2nd international conference on Scalable information systems, June 06-08, 2007, Suzhou, China
	Hai Jin , Weizhong Qiang , Xuanhua Shi , Deqing Zou, RB-GACA: an RBAC based grid access control architecture, International Journal of Grid and Utility Computing, v.1 n.1, p.61-70, May 2005
	Adam Hess , Jason Holt , Jared Jacobson , Kent E. Seamons, Content-triggered trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.428-456, August 2004
	Markus Lorch , Dennis Kafura , Sumit Shah, An XACML-based Policy Management and Authorization Service for Globus Resources, Proceedings of the 4th International Workshop on Grid Computing, p.208, November 17-17, 2003
	Adam Hess , Kent E. Seamons, An access control model for dynamic client-side content, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Nicola Dragoni , Fabio Massacci, Security-by-contract for web services, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
	David W. Chadwick , Alexander Otenko, The PERMIS X.509 role based privilege management infrastructure, Future Generation Computer Systems, v.19 n.2, p.277-289, February 2003
	Markus Lorch , Seth Proctor , Rebekah Lepro , Dennis Kafura , Sumit Shah, First experiences using XACML for access control in distributed systems, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Hidehito Gomi , Makoto Hatakeyama , Shigeru Hosono , Satoru Fujita, A delegation framework for federated identity management, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA
	Azzedine Benameur , Fabio Massacci , Nataliya Rassadko, Security views for outsourced business processes, Proceedings of the 2008 ACM workshop on Secure web services, October 31-31, 2008, Alexandria, Virginia, USA
	Shihyu Chou , Eric Jui-Lin Lu , Yi-Hui Chen, X-RDR: a role-based delegation processor for web-based information systems, ACM SIGOPS Operating Systems Review, v.39 n.1, p.4-21, January 2005
	Rafae Bhatti , Elisa Bertino , Arif Ghafoor, An integrated approach to federated identity and privilege management in open systems, Communications of the ACM, v.50 n.2, p.81-87, February 2007
	Nicola Dragoni , Fabio Massacci , Ayda Saidane, A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.10, p.1628-1648, July, 2009
	Sarath Indrakanti , Vijay Varadharajan , Ritesh Agarwal, On the design, implementation and application of an authorisation architecture for web services, International Journal of Information and Computer Security, v.1 n.1/2, p.64-108, January 2007
	Jean Bacon , Ken Moody , Walt Yao, Access control and trust in the use of widely distributed services, Software—Practice & Experience, v.33 n.4, p.375-394, 10 April 2003
	Brajendra K. Singh , Amirhasan Amintabar , Akshai Aggarwal , Robert D. Kent , Ahmedur Rahman , Farhan Mirza , Zillur Rahman, Secure grid monitoring, a web-based framework, Proceedings of the first international conference on Networks for grid applications, October 17-19, 2007, Lyon, France

INDEX TERMS

Primary Classification:
C. Computer Systems Organization
C.2 COMPUTER-COMMUNICATION NETWORKS
C.2.0 General
Subjects: Security and protection (e.g., firewalls)

Additional Classification:
J. Computer Applications
J.1 ADMINISTRATIVE DATA PROCESSING
Subjects: Government

K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
K.6.5 Security and Protection (D.4.6, K.4.2)
Subjects: Authentication

General Terms:
Design, Management, Security

Keywords:
Privilege management infrastructure, RBAC, X.509, XML, attribute certificates, authorization, policies

Collaborative Colleagues:

David W. Chadwick: colleagues

Alexander Otenko: colleagues

Peer to Peer - Readers of this Article have also read:

Improving the granularity of access control in Windows NT Proceedings of the sixth ACM symposium on Access control models and technologies
Michael M. Swift , Peter Brundrett , Cliff Van Dyke , Praerit Garg , Anne Hopkins , Shannon Chan , Mario Goertzel , Gregory Jensenworth
Inferring constraints from multiple snapshots ACM Transactions on Graphics (TOG) 12, 4
David Kurlander , Steven Feiner
Efficient, DoS-resistant, secure key exchange for internet protocols Proceedings of the 9th ACM conference on Computer and communications security
William Aiello , Steven M. Bellovin , Matt Blaze , John Ioannidis , Omer Reingold , Ran Canetti , Angelos D. Keromytis
Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher

Adobe Acrobat

QuickTime

Windows Media Player

Real Player