Skip to main content
SpringerLink
Log in

Using Authority Certificates to Create Management Structures

  • Conference paper
  • First Online:
Security Protocols (Security Protocols 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2467))

Included in the following conference series:

Abstract

We address the issue of updating privileges in a dynamic environment by introducing authority certificates in a Privilege Management Infrastructure. These certificates can be used to create access-level permissions but also to delegate authority to other agents, thereby providing a mechanism for creating management structures and for changing these structures over time. We present a semantic framework for privileges and certificates and an associated calculus, encoded as a logic program, for reasoning about them. The framework distinguishes between the time a certificate is issued or revoked and the time for which the associated privilege is created. This enables certificates to have prospective and retrospective effects, and allows us to reason about privileges and their consequences in the past, present, and future. The calculus provides a verification procedure for determining, given a set of declaration and revocation certificates, whether a certain privilege holds.

This research is funded by Microsoft Research, Cambridge, UK.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Final Proposed Draft Amendment on Certificate Extensions(v6). generated from Collaborative ITU and ISO/IEC meeting on the Directory, April 1999. Orlando, Florida, USA.

    Google Scholar 

  2. Olav Bandmann, Mads Dam, and Babak Sadighi Firozabadi. Constrained Delegation. 2001. In preparation.

    Google Scholar 

  3. Babak Sadighi Firozabadi and Marek Sergot. Power and Permission in Security Systems. In B. Christianson, B. Crispo, and M. Roe, editors, Security Protocols, number 1796 in Lecture Notes of Computer Science, pages 48–53, Cambridge, UK, April 1999. Springer Verlag.

    Google Scholar 

  4. R. J. Hayton, J. M. Bacon, and K. Moody. Access Control in an Open Distributed Enviroment. In Proceeding of IEEE Symposium on Security and Privacy, pages 3–14, Oakland, CA, 1998.

    Google Scholar 

  5. J. Moffett and M. Sloman. Delegation of Authority. In I. Krishnan and W. Zimmer, editors, Integrated Network Management II, pages 595–606. North Holland, April 1991.

    Google Scholar 

  6. John R. Searle. Speech Acts. Cambridge University Press, Cambridge, 1969.

    Google Scholar 

  7. Petra Wohlmacher and Peter Pharow. Applications in health care using public-key certificates and attribute certificates. In Proceedings of the 16th Annual Computer Security Applications Conference 2000 (ACSAC 2000), pages 128–137, New Orleans, Dec. IEEE Press.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Swedish Institute of Computer Science (SICS), Sweden

    Babak Sadighi Firozabadi & Olav Bandmann

  2. Imperial College of Science, Technology and Medicine, USA

    Marek Sergot

Authors
  1. Babak Sadighi Firozabadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marek Sergot
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Olav Bandmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science Faculty of Engineering and Information Sciences, University of Hertfordshire, College Lane, Hatfield, Herts, AL10 9AB, UK

    Bruce Christianson  & James A. Malcolm  & 

  2. Department of Computer Science, Vrije Universiteit, De Boelelaan 1081A, 1081, HV Amsterdam, The Netherlands

    Bruno Crispo

  3. Microsoft Research Limited, 7 J J Thomson Avenue, CB3 0FB, Cambridge, UK

    Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Firozabadi, B.S., Sergot, M., Bandmann, O. (2002). Using Authority Certificates to Create Management Structures. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2001. Lecture Notes in Computer Science, vol 2467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45807-7_21

Download citation

  • DOI: https://doi.org/10.1007/3-540-45807-7_21

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44263-9

  • Online ISBN: 978-3-540-45807-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation