Abstract
We address the issue of updating privileges in a dynamic environment by introducing authority certificates in a Privilege Management Infrastructure. These certificates can be used not only to create access-level permissions but also to delegate authority to other agents, thereby providing a mechanism for creating management structures and for changing these structures over time. We present a semantic framework for privileges and certificates and an associated calculus, encoded as a logic program, for reasoning about them. The framework distinguishes between the time a certificate is issued or revoked and the time for which the associated privilege is created. This enables certificates to have prospective and retrospective effects, and allows us to reason about privileges and their consequences in the past, present, and future. The calculus provides a verification procedure for determining, given a set of declaration and revocation certificates, whether a certain privilege holds.
This research is funded by Microsoft Research, Cambridge, UK.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Firozabadi, B.S., Sergot, M., Bandmann, O. (2002). Using Authority Certificates to Create Management Structures. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2001. Lecture Notes in Computer Science, vol 2467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45807-7_21
DOI: https://doi.org/10.1007/3-540-45807-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44263-9
Online ISBN: 978-3-540-45807-4
eBook Packages: Springer Book Archive