A security architecture for object-based distributed systems

Bogdan C. Popescu; Maarten van Steen; Andrew S. Tanenbaum

doi:10.1109/CSAC.2002.1176288

A security architecture for object-based distributed systems

Bogdan C. Popescu, Maarten van Steen, Andrew S. Tanenbaum

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

11 Citations (Scopus)

Abstract

Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform-and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.

Original language	English
Title of host publication	18th Annual Computer Security Applications Conference, ACSAC 2002
Place of Publication	Piscataway, NJ
Publisher	IEEE
Pages	161-171
Number of pages	11
ISBN (Print)	0-7695-1828-1
DOIs	https://doi.org/10.1109/CSAC.2002.1176288
Publication status	Published - 9 Dec 2002
Externally published	Yes
Event	18th Annual Computer Security Applications Conference, ACSAC 2002 - Las Vegas, United States Duration: 9 Dec 2002 → 13 Dec 2002 Conference number: 18

Publication series

Name	Annual Computer Security Applications Conference, Proceedings
Publisher	IEEE
Volume	2002
ISSN (Print)	1063-9527

Conference

Conference	18th Annual Computer Security Applications Conference, ACSAC 2002
Abbreviated title	ACSAC 2002
Country/Territory	United States
City	Las Vegas
Period	9/12/02 → 13/12/02

Keywords

Access control
Communication system traffic control
Cryptographic protocols
Cryptography
Large-scale systems
Manuals
Middleware
Operating systems
Protection
Security

Access to Document

10.1109/CSAC.2002.1176288

Cite this

@inproceedings{8351e5912c684964bb0af196532b0cd6,

title = "A security architecture for object-based distributed systems",

abstract = "Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform-and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.",

keywords = "Access control, Communication system traffic control, Cryptographic protocols, Cryptography, Large-scale systems, Manuals, Middleware, Operating systems, Protection, Security",

author = "Popescu, {Bogdan C.} and {van Steen}, Maarten and Tanenbaum, {Andrew S.}",

year = "2002",

month = dec,

day = "9",

doi = "10.1109/CSAC.2002.1176288",

language = "English",

isbn = "0-7695-1828-1",

series = "Annual Computer Security Applications Conference, Proceedings",

publisher = "IEEE",

pages = "161--171",

booktitle = "18th Annual Computer Security Applications Conference, ACSAC 2002",

address = "United States",

note = "18th Annual Computer Security Applications Conference, ACSAC 2002, ACSAC 2002 ; Conference date: 09-12-2002 Through 13-12-2002",

}

Popescu, BC, van Steen, M & Tanenbaum, AS 2002, A security architecture for object-based distributed systems. in 18th Annual Computer Security Applications Conference, ACSAC 2002., 1176288, Annual Computer Security Applications Conference, Proceedings, vol. 2002, IEEE, Piscataway, NJ, pp. 161-171, 18th Annual Computer Security Applications Conference, ACSAC 2002, Las Vegas, Nevada, United States, 9/12/02. https://doi.org/10.1109/CSAC.2002.1176288

A security architecture for object-based distributed systems. / Popescu, Bogdan C.; van Steen, Maarten; Tanenbaum, Andrew S.
18th Annual Computer Security Applications Conference, ACSAC 2002. Piscataway, NJ: IEEE, 2002. p. 161-171 1176288 (Annual Computer Security Applications Conference, Proceedings; Vol. 2002).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - A security architecture for object-based distributed systems

AU - Popescu, Bogdan C.

AU - van Steen, Maarten

AU - Tanenbaum, Andrew S.

N1 - Conference code: 18

PY - 2002/12/9

Y1 - 2002/12/9

N2 - Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform-and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.

AB - Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform-and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.

KW - Access control

KW - Communication system traffic control

KW - Cryptographic protocols

KW - Cryptography

KW - Large-scale systems

KW - Manuals

KW - Middleware

KW - Operating systems

KW - Protection

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84948980267&partnerID=8YFLogxK

U2 - 10.1109/CSAC.2002.1176288

DO - 10.1109/CSAC.2002.1176288

M3 - Conference contribution

AN - SCOPUS:84948980267

SN - 0-7695-1828-1

T3 - Annual Computer Security Applications Conference, Proceedings

SP - 161

EP - 171

BT - 18th Annual Computer Security Applications Conference, ACSAC 2002

PB - IEEE

CY - Piscataway, NJ

T2 - 18th Annual Computer Security Applications Conference, ACSAC 2002

Y2 - 9 December 2002 through 13 December 2002

ER -

A security architecture for object-based distributed systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this