Certificate Distribution with Local Autonomy

  • Pankaj Kakkar
  • Michael McDougall
  • Carl A. Gunter
  • Trevor Jim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1942)


Any security architecture for a wide area network system spanning multiple administrative domains will require support for policy delegation and certificate distribution across the network. Practical solutions will support local autonomy requirements of participating domains by allowing local policies to vary but imposing restrictions to ensure overall coherence of the system. This paper describes the design of such a system to control access to experiments on the ABone active network testbed. This is done through a special-purpose language extending the Query Certificate Manager (QCM) system to include protocols for secure mirroring. Our approach allows significant local autonomy while ensuring global security of the system by integrating verification with retrieval. This enables transparent support for a variety of certificate distribution protocols. We analyze requirements of the ABONE application, describe the design of a security infrastructure for it, and discuss steps toward implementation, testing and deployment of the system.


Security policy; certificate distribution; local autonomy; access control; ABone, active networks; QCM, Query Certificate Manager.





Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Pankaj Kakkar (1)
  • Michael McDougall (1)
  • Carl A. Gunter (1)
  • Trevor Jim (2)
  1. University of Pennsylvania, Philadelphia, PA, USA
  2. AT&T Labs, Florham Park, NJ, USA
