Secure delegation of tasks in distributed systems

The authors introduce the notion of task-delegation as compared to the delegation of rights only (rights-delegation). The reasoning behind the notion of task-delegation is presented, citing examples from the human world and from the realm of computers. This notion of task-delegation is captured in a 1-phase certification server (2PCS) which the authors develop as a hybrid between authentication servers (based on shared key cryptosystems). The 2PCS allows on enode to task-delegate to another in a secure manner, and it achieves a high level of security due to its underlying strong cryptosystem. Within the framework of the TRON architecture the features embodied within the 2PCS can be integrated within the CTRON architecture, either within a stand-alone server that mediates access to other CTRON servers (e.g., file server) and other TRON components, or within existing servers to guard access to their corresponding resources. The first option represents a more manageable solution since cryptographic information (such as keys) need not be replicated. Other servers can then be treated as principles equivalent to the BTRON workstations. In either approach, the authors believe that the notion of task-delegation and the security features of the 2PCS can be a useful step towards integrating security into the TRON architecture.

[1]  Paul A. Karger Authentication and discretionary access control in computer networks , 1986, Comput. Secur..

[2]  J.J. Tardo,et al.  SPX: global authentication using public key certificates , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[4]  Don Davis,et al.  Network security via private-key certificates , 1990, OPSR.

[5]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[6]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[7]  Tetsuo Wasano,et al.  Configuration of the CTRON* Kernel , 1987, IEEE Micro.

[8]  Ken Sakamura CTRON: An Overview , 1987 .

[9]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[10]  Ken Sakamura The TRON project , 1989, Microprocess. Microsystems.

[11]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[12]  Karen R. Sollins,et al.  Cascaded authentication , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[13]  Simon S. Lam,et al.  Authentification for Distributed Systems , 1992, Computer.

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  John Rushby A Trusted Computing Base for Embedded Systems , 1984 .

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  P.A. Karker,et al.  New methods for immediate revocation , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[18]  Butler W. Lampson,et al.  A Calculus for Access Control in Distributed , 1993 .

[19]  Ken Sakamura,et al.  Design of CTRON , 1987 .

[20]  B. Clifford Neuman,et al.  Kerberos: An Authentication Service for Open Network Systems , 1988, USENIX Winter.

[21]  Jennifer Seberry,et al.  Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks (Extended Abstract) , 1992, CRYPTO.

[22]  Butler W. Lampson,et al.  A Global Authentication Service without Global Trust , 1986, 1986 IEEE Symposium on Security and Privacy.

[23]  Thomas Y. C. Woo,et al.  Authentication for distributed systems , 1997, Computer.

[24]  Kimihito Kumazaki Design of the CTRON File Management , 1987 .

[25]  Vijay Varadharajan,et al.  An analysis of the proxy problem in distributed systems , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[26]  Vijay Varadharajan,et al.  An analysis of some delegation protocols for distributed systems , 1992, [1992] Proceedings The Computer Security Foundations Workshop V.

[27]  Paul A. Karger Authentication and Discretionary Access Control in Computer Networks , 1986, Comput. Networks.

[28]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[29]  Martín Abadi,et al.  Authentication and Delegation with Smart-cards , 1991, TACS.

[30]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[31]  J. Linn Practical authentication for distributed computing , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.