Abstract
Delegation is one important aspect of large-scale distributed systems where many processes and operations run on behalf of system users and clients in order to achieve highly computational and resource intensive tasks. As such, delegation is often synonymous with the concept of trust, in that the delegator would expect some degree of reliability regarding the delegatee’s ability and predictability to perform the delegated task. The delegation protocol itself is expected to maintain certain basic properties, such as integrity, traceability, accountability and the ability to determine delegation chains. In this paper, we give an overview of the vulnerabilities that one such delegation protocol exhibits, namely DToken, a lightweight protocol for Grid systems, as interesting examples of design mistakes. We also propose an alternative protocol, DToken II, which fixes such vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Atluri, V., Warner, J.: Supporting conditional delegation in secure workflow management systems. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, SACMAT 2005, pp. 49–58. ACM, New York (2005)
Aura, T.: On the structure of delegation networks. In: Proceedings of the 11th IEEE Workshop on Computer Security Foundations, pp. 14–26. IEEE Computer Society, Washington, DC, USA (1998)
Ayadi, M., Bolignano, D.: On the formal verification of delegation in SESAME. In: Proceedings of the 12th Annual Conference on Computer Assurance (COMPASS 1997), pp. 23–34. IEEE Computer Society, Los Alamitos (1997)
Aziz, B., Hamilton, G.: Verifying a delegation protocol for grid systems. Future Generation Computer Systems: The International Journal of Grid Computing and eScience 27(5), 476–485 (2011)
Barka, E., Sandhu, R.: Framework for role-based delegation models. In: Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC 2000, pp. 168–176. IEEE Computer Society, Washington, DC, USA (2000)
Bertot, Y., Castéran, P.: Coq’Art: The Calculus of Inductive Constructions. Springer, Heidelberg (2004)
Broadfoot, P., Lowe, G.: Architectures for Secure Delegation within Grids. Tech. Rep. PGR-RR-03-19, Oxford University Computing Laboratory (2003)
Cervesato, I.: The dolev-yao intruder is the most powerful attacker. In: Halpern, J. (ed.) Proceedings of the 16th Annual Symposium on Logic in Computer Science, pp. 246–265. IEEE Computer Society Press, Boston (2001)
Ding, Y., Petersen, H.: A New Approach for Delegation using Hierarchical Delegation Tokens. Tech. Rep. TR-95-5-E, University of Technology Chemnitz-Zwickau (1995)
Dolev, D., Yao, A.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, pp. 350–357 (October 1981)
Group, T.L.S.W.: The ssl protocol version 3.0 (November 1996)
Kim, S., Park, S., Won, D.: Proxy signatures, revisited. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 223–232. Springer, Heidelberg (1997)
Masi, M., Maurer, R.: On the usage of SAML delegate assertions in an healthcare scenario with federated communities. Tech. rep., Dipartimento di Sistemi e Informatica, Univ. Firenze (2010)
Miller, S.P., Neuman, C., Schiller, J.I., Saltzer, J.H.: Kerberos authentication and authorization system - project athena technical plan. Tech. Rep. Section E.2.1, MIT, USA (October 1987)
Pham, Q., Reid, J., McCullagh, A., Dawson, E.: On a Taxonomy of Delegation. Challenges for Security, Privacy and Trust 29(5), 565–579 (2010)
Schiffman, J., Zhang, X., Gibbs, S.: Dauth: Fine-grained authorization delegation for distributed web application consumers. In: IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 95–102 (2010)
Schnorr, C.P.: Effecient Signature Generation by Smart Cards. Journal of Cryptology 4, 161–174 (1991)
Stein, L.A.: Delegation is inheritance. SIGPLAN Not. 22, 138–146 (1987)
Tan, Z., Liu, Z.: Provably secure delegation-by-certification proxy signature schemes. In: InfoSecu 2004: Proceedings of the 3rd International Conference on Information Security, pp. 38–43. ACM, New York (2004)
Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M.: Internet x.509 public key infrastructure (pki): Proxy certificate profile. RFC 3820 (June 2004)
Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Gawor, J., Meder, S., Siebenlist, F.: X.509 proxy certificates for dynamic delegation. In: Proceedings of the 3rd Annual PKI Research and Development Workshop (2004)
Yang, E.Y., Matthews, B.: Dtoken: A lightweight and traceable delegation architecture for distributed systems. In: SRDS 2009: Proceedings of the 2009 28th IEEE International Symposium on Reliable Distributed Systems, pp. 107–116. IEEE Computer Society, Washington, DC, USA (2009)
Zhang, Y., Chen, J.L.: A Delegation Solution for Universal Identity Management in SOA. IEEE Transactions on Services Computing 99 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aziz, B. (2011). Correcting a Delegation Protocol for Grids. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2011. Lecture Notes in Computer Science, vol 6863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22890-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-22890-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22889-6
Online ISBN: 978-3-642-22890-2
eBook Packages: Computer ScienceComputer Science (R0)