A security architecture for object-based distributed systems

Author

Popescu, Bogdan C. ; Van Steen, Maarten ; Tanenbaum, Andrew S.

Author_Institution

Vrije Univ., Amsterdam, Netherlands

fYear

2002

fDate

2002

Firstpage

161

Lastpage

171

Abstract

Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform- and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.

Keywords

certification; client-server systems; cryptography; distributed object management; protocols; client authentication; cryptographically sealed certificates; large-scale distributed systems; object-based distributed systems; secure binding; secure method invocation; security architecture; security protocols; server authentication; Access control; Communication system traffic control; Cryptographic protocols; Cryptography; Large-scale systems; Manuals; Middleware; Operating systems; Protection; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2002. Proceedings. 18th Annual

ISSN

1063-9527

Print_ISBN

0-7695-1828-1

Type

conf

DOI

10.1109/CSAC.2002.1176288

Filename

1176288