A security infrastructure for distributed Java applications

7 November 2002

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 15-26
https://doi.org/10.1109/secpri.2000.848443

Abstract

We describe the design and implementation of a security infrastructure for a distributed Java application. This work is inspired by SDSI/SPKI, but has a few twists of its own. We define a logic for access control, such that access is granted iff a proof that it should be granted is derivable in the logic. Our logic supports linked local name spaces, privilege delegation across administrative domains, and attribute certificates. We use SSL to establish secure channels through which principals can "speak", and have implemented our access control system in Java. While we implemented our infrastructure for the Placeless Documents System, our design is applicable to other applications as well. We discuss general issues related to building secure, distributed Java applications that we discovered.

Keywords

This publication has 5 references indexed in Scilit:

A logic for SDSI's linked local name spaces: preliminary version
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
On SDSI's linked local name spaces
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
Extending document management systems with user-specific active properties
ACM Transactions on Information Systems, 2000
SPKI Certificate Theory
Published by RFC Editor ,1999
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems, 1993