Fig 5 - uploaded by Jonathan M. Smith
Content may be subject to copyright.
Delegation of privileges, from an administrator to Alice, and from Alice to Bob. The administrator grants Alice full access by issuing her the first certificate. Alice can then delegate read access to Bob by issuing him the second certificate. To be granted access Bob must present a certificate chain consisting of both certificates.
Source publication
![Fig. 6. NFS architecture (from [Sandberg et al. 1985])](profile/Jonathan-Smith-26/publication/228615651/figure/fig2/AS:669405000245273@1536609997654/NFS-architecture-from-Sandberg-et-al-1985_Q320.jpg)
The Internet enables global sharing of data across organizational boundaries. Traditional access control mechanisms are intended for one or a small number of machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizatio...
Context in source publication
Context 1
... user should be able to delegate access rights to another user. Figure 5 illustrates delegation using authorization certificates. We identify the following requirements for delegation: -Autonomy To facilitate ease of file sharing and lower administrative overhead, the del- egation mechanism should be user-to-user, i.e., no administrator involvement should be required. ...
Similar publications
The proliferation of mobile handheld devices, such as Personal Digital Assistants (PDAs) and tablet computers, within the workplace is expanding rapidly. While providing productivity benefits, the ability of these devices to store and transmit corporate information through both wired and wireless networks poses potential risks to an organization's...
This paper describes an emulation of a distributed access control system proposed for use in the GENI network testbed. We use our trust management system, CERT-DIST, to realize the system policy, and measure its perfor-mance by mapping PlanetLab's centralized access control scheme to GENI's distributed scheme and then replaying logs of PlanetLab ac...
In this paper, we propose a blockchain-based data sharing mechanism for Vehicular Network. We introduce edge service providers placed near to ordinary vehicle nodes to fulfill their requests. Smart vehicles generate a huge amount of data which is stored in the Interplanetary File System (IPFS). IPFS is a distributed file storage system that overcom...
Billions of IoT devices and smart objects are already in operation today and even more are expected to be on the network over time. These IoT devices will generate enormous amounts of data that cannot be allowed to transmit on the network without end-to-end encryption or any trust and security mechanism. Currently, we have certificate authorities t...
Since IoT devices are strengthened, edge computing with multi-center cooperation becomes a trend. Considering that edge nodes may belong to different center, they have different trust management model, it’s hard to assess trust among edge nodes. In this paper, we take blockchain to coordinate differences among centers, construct a trust environment...
Citations
... This paper we understand about the framework where the scientific research record keeping can be done in a secure, tamper proof environment using blockchain technology, IPFS and smart contracts [10], [11], [13], [14]. We try to develop BlockDBM method for permission blockchain based decentralized trust management system for various operation like data gathering, data transfer, data sharing ,data storage and processing over block chain based smart contract. ...
... All the previously mentioned investigations utilize blockchains to give the control highlights to cloud resources [10]. Authored by Miltchev et al. [11] pursues a similar methodology however with regards to Internet of Things (IoT). They propose a keen contract-based structure to actualize appropriated and reliable access control. ...
... We have extended both the Keynote system to allow extensions to the credentials and the IPsec implementation to implement certain aspects of the API which allow a process to establish the necessary security associations so that it can initiate connection requests dynamically. A lot of this work benefit from earlier work on distributed Trust Management systems (Prevelakis V. et al., 2003) and (Miltchev S. et al., 2008). A key concern is the overhead of performing multiple digital signature verifications, especially at system startup. ...
Despite the fact that numerous studies have indicated that vehicular networks are vulnerable to external and internal attacks, very little effort has been expended in safeguarding communications both between elements within the vehicle and between the vehicle and the outside world. In this paper we present a mechanism that allows communications policy (essentially who can talk with whom and the security parameters of the channel) to be defined during the design of the software component and then adapted as the component undergoes integration first within subsystems and so on all the way to the final integration in the operational vehicle. We provide a mechanism that can maintain the integrity of the policy throughout the development effort and, finally, enforce the policy during the operation of the component in the production vehicle.
There is an increasing gap between the needs of modern, complex, and distributed environments in regards to control of access to data and the level to which classical access control solutions can fulfill those needs. The purpose of this chapter is to highlight the current state of art of existing research over access control in increasingly decentralized environments and to argue how the subject of access control is more relevant than ever before, with increasing research opportunities emerging. In this chapter, the authors analyze the current state of the art of access control mechanisms and systems over decentralized applications with a focus on enterprise ecosystems, analyze the current challenges and opportunities that the new technological landscape offers, specifically over the application of blockchain-based technologies in access control, and propose new research directions for the future.
