Towards a Flexible Access Control Mechanism for E-Transactions

Vishwas Patil, R. K. Shyamasundar

2004

Abstract

Security over the Internet depends on a clear distinction between authorized and un-authorized principals. Discriminating between the two involves: identification (user identifies himself/herself), authentication (the system validates the user's identity) and authorization (specific rights granted). Thus, it is important to develop specifications for access control that realize the above properties with ease. Public Key Infrastructures (PKIs) provide a basis for specifying access-control to the users in a secure and non-reputable fashion. Some of the general deficiencies of PKIs are: (i) they are rigid and cannot scale across different PKI frameworks, (ii) due to efficiency reasons, PKIs are constrained to be just static data-structures shipped across domains and hence cannot carry any dynamic or state-based information, and (iii) for reasons of (ii) the recipients are not explicitly defined. In this paper, we shall argue that a judicious mix of digital certificates and authentication mechanisms would lead to a flexible security policy specification having both static and dynamic capabilities and lead to user-friendly mechanisms to achieve availability of secure services in e-commerce.

References

  1. Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice Hall, 2002.
  2. Mark Miller and Jonathan Shapiro. Paradigm Regained: Abstraction Mechanisms for Access Control. Advances in Computing Science, ASIAN 2003 Programming Languages and Distributed Computation, LNCS 2896:224-242, 2003.
  3. Matt Blaze, Joan Feigenbaum, and Martin Strauss. Compliance Checking in the PolicyMaker Trust Management System. Financial Cryptography, FC 1998, LNCS 1465:254-274, 1998.
  4. Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos Keromytis. The KeyNote TrustManagement System Version 2. RFC 2704, Internet Engineering Task Force, 1999.
  5. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and R. Chandramouli. A Proposed Standard for Role-Based Access Control. Technical report, NIST, Dec 2000.
  6. Carl Ellison, Bill Frantz, Butler Lampson, Ronald Rivest, Brian Thomas, and Tatu Ylonen. SPKI Certi cate Theory. RFC 2693, Internet Engineering Task Force, Sep. 1999.
  7. Vishwas Patil and R.K. Shyamasundar. Notations for Flexible Access Control System: exiACL. Technical report, Tata Institute of Fundamental Research, 2003.
  8. Ronald Rivest and Butler Lampson. SDSI - A Simple Distributed Security Infrastructure. Presented at CRYPTO'96 Rumpsession, 1996.
  9. Carl Ellison. SPKI/SDSI Certi cate Documentation, 2002. http://world.std.com/cme/html/spki.html.
  10. Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald Rivest. Certi cate Chain Discovery in SPKI/SDSI. Journal of Computer Security, 9(4):285-322, 2001.
  11. Mark Miller, Chip Morningstar, and Bill Frantz. Capability-Based Financial Instruments. Financial Cryptography, FC 2000, LNCS 1962:349-378, 2001.
  12. Stefan Brands. Rethinking Public Key Infrastructures and Digital Certi cates; Building in Privacy. MIT Press, 2000. ISBN 0-262-02491-8.
Download


Paper Citation


in Harvard Style

Patil V. and K. Shyamasundar R. (2004). Towards a Flexible Access Control Mechanism for E-Transactions . In Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004) ISBN 972-8865-17-1, pages 66-81. DOI: 10.5220/0001403700660081


in Bibtex Style

@conference{egcdmas04,
author={Vishwas Patil and R. K. Shyamasundar},
title={Towards a Flexible Access Control Mechanism for E-Transactions},
booktitle={Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004)},
year={2004},
pages={66-81},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001403700660081},
isbn={972-8865-17-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Workshop on Electronic Government and Commerce: Design, Modeling, Analysis and Security - Volume 1: EGCDMAS, (ICETE 2004)
TI - Towards a Flexible Access Control Mechanism for E-Transactions
SN - 972-8865-17-1
AU - Patil V.
AU - K. Shyamasundar R.
PY - 2004
SP - 66
EP - 81
DO - 10.5220/0001403700660081