Title :
Policy-based cryptographic key management: experience with the KRP project
Author :
Branstad, Dennis K. ; Balenson, David M.
Author_Institution :
Network Associates Inc., USA
fDate :
6/22/1905 12:00:00 AM
Abstract :
Policy-based cryptographic key management is powerful, flexible method of creating, distributing, protecting, and destroying cryptographic keys in accordance with an organizational policy governing information security. The Policy-Controlled Cryptographic Key Release project addressed one part of key management. The goals included: (1) developing a formal language for specifying policies indicating to whom and under what conditions a cryptographic key could be accessed; (2) implementing a prototype system for administering (i.e., enforcing) these policies; and (3) experimenting with automated verification tools which analyzed the policies for consistency and completeness. The requirements for the key release policy language and administering systems are identified; the initial language and system design are described; and the lessons learned from the project are summarized. An example key release policy is included
Keywords :
formal verification; management information systems; public key cryptography; software prototyping; systems analysis; KRP project; administering systems; automated verification tools; completeness; consistency; cryptographic key; formal language; information security; key release policy; key release policy language; organizational policy; policy-based cryptographic key management; prototype system; system design; Application software; Cryptography; Electrical capacitance tomography; Energy management; Information security; National security; Power system management; Project management; Protection; Prototypes;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
DOI :
10.1109/DISCEX.2000.824968
