Title :
A security architecture for object-based distributed systems
Author :
Popescu, Bogdan C. ; Van Steen, Maarten ; Tanenbaum, Andrew S.
Author_Institution :
Vrije Univ., Amsterdam, Netherlands
Abstract :
Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform- and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.
Keywords :
certification; client-server systems; cryptography; distributed object management; protocols; client authentication; cryptographically sealed certificates; large-scale distributed systems; object-based distributed systems; secure binding; secure method invocation; security architecture; security protocols; server authentication; Access control; Communication system traffic control; Cryptographic protocols; Cryptography; Large-scale systems; Manuals; Middleware; Operating systems; Protection; Security;
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
Print_ISBN :
0-7695-1828-1
DOI :
10.1109/CSAC.2002.1176288
