http://dx.doi.org/10.13089/JKIISC.2008.18.5.83

Privilege Management Technique for Unreliable Network Environments based on Tree Structure  

Yang, Soo-Mi (The University of Suwon)
Abstract
ISO/IEC 9594-8 defines the public-key framework and the attribute certificate framework. The attribute certificate framework deals with privilege management infrastructure (PMI). In PMI, for privilege management using attribute certificates, role assignment certificates and role specification certificates are used to assign and specify privileges independently. Role specification certificates include privilege specifications and the details for privilege management of network environments. Privilege management in an unreliable network environment tries to enhance the reliability and efficiency of privilege information transmission when forwarding over unreliable routes in the presence of potentially faulty nodes and edges. Each node forms a role specification tree based on role specification relationship data collected from the network. In this paper, the privilege management cost of the role specification certificate tree structure is evaluated, with the aim of reducing the overhead incurred by role creation and modification of privileges. Multicasting of packets is used for scalability. We establish a management cost model that takes into account packet loss and the reliability of nodes, which continuously join and leave the network. We present quantitative results which demonstrate the effectiveness of the proposed privilege management scheme.
Keywords
Privilege Management; Attribute Certificates; Network Reliability;