Title :
A certificate revocation scheme for a large-scale highly replicated distributed system
Author :
Popescu, Bogdan C. ; Crispo, Bruno ; Tanenbaum, Andrew S.
Author_Institution :
Vrije Univ., Amsterdam, Netherlands
Abstract :
A common way to protect objects in distributed systems is to issue authorization certificates to users, which they present to gain access. In some situations a way is needed to revoke existing certificates. Current methods, such as having a master revocation list, have been designed to work efficiently with identity certificates, and do not take into account the delegation of certificate-issuing rights required when implementing complex administrative hierarchies for large distributed applications. In this paper we present a novel mechanism for revoking authorization certificates based on clustering users and servers, and present arguments showing that it is more efficient than other methods. We also discuss a way for probabilistically auditing the use of the revocation mechanism proposed to reduce the chances of any component behaving maliciously.
Keywords :
authorisation; telecommunication security; wide area networks; authorization certificates; certificates-issuing rights; clustering servers; clustering users; complex administrative hierarchies; existing certificates revocation; gain access; large distributed application; large-scale highly replicated distributed system; objects protection; revocation mechanism; Access control; Authorization; Concrete; Cryptography; Databases; Internet; Large-scale systems; Permission; Protection; Security;
Conference_Title :
Computers and Communication, 2003. (ISCC 2003). Proceedings. Eighth IEEE International Symposium on
Print_ISBN :
0-7695-1961-X
DOI :
10.1109/ISCC.2003.1214126