DisCo: A Distribution Infrastructure for Securely Deploying Decomposable Services in Partly Trusted Environments

Freudenthal, Eric; Keenan, Edward; Pesin, Tracy; Port, Lawrence; Karamcheti, Vijay

doi:10.21236/ada440589

Cited by 3 publications

(4 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Freudenthal et al [10] have attempted to address some of the drawbacks of the RBACs in distributed environments through Distributed Role-Based Access Controls (dRBAC) as part of a larger project on Distributed Coalition Infrastructure [11]. While dRBAC is a significant step in terms of ensuring a degree of trust and distributing the responsibility for creation of roles, this approach relies on creating new roles for participants and is still prone to privilege accumulation.…”

Section: Access Control In Coalitionsmentioning

confidence: 99%

Common Representation of Information Flows for Dynamic Coalitions

Mozolevsky¹,

Fitzgerald²

2010

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow

show abstract

Section: Access Control In Coalitionsmentioning

confidence: 99%

Common Representation of Information Flows for Dynamic Coalitions

Mozolevsky¹,

Fitzgerald²

2010

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…dRBAC is being developed as a trust management component of a larger system called the Distributed Coalitions Infrastructure (DisCo) [9] that presents a simple unified interface for trust-monitored distributed application deployment. We have implemented a centralized dRBAC system that responds to trust-relationship queries generated by our DisCo infrastructure.…”

Section: Implementation Statusmentioning

confidence: 99%

“…dRBAC is one component of a larger architecture called the Distributed Coalitions Infrastructure (DisCo) [9]. DisCo presents a simple, unified interface for distributed application deployment in environments that contain systems and services administered by multiple authorities with changing trust relationships.…”

Section: Drbac In a Larger Security Context: Case Studymentioning

confidence: 99%

“…DisCo also includes a novel abstraction called the Switchboard, which provides applications with the ability to create credentialed, secure connections with the same programming effort as might be required in a completely secure environment. The overall DisCo architecture and the Switchboard abstraction are described in additional detail elsewhere [9,10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments

Freudenthal¹,

Pesin²,

Port³

et al. 2001

Self Cite

View full text Add to dashboard Cite

Distributed Role-Based Access Control (dRBAC) is a scalable, decentralized trust-management and access-control mechanism for systems that span multiple administrative domains. dRBAC represents controlled actions in terms of roles, which are defined within the trust domain of one entity and can be transitively delegated to other roles within a different trust domain. dRBAC utilizes PKI to identify all entities engaged in trust-sensitive operations and to validate delegation certificates. The mapping of roles to authorized name spaces obviates the need to identify additional policy roots. dRBAC distinguishes itself from previous trust management and role-based access control approaches in its support for three features: (1) third-party delegations, which improve expressiveness by allowing an entity to delegate roles outside its namespace when authorized by an explicit delegation of assignment; (2) valued attributes, which modulate transferred access rights via mechanisms that assign and manipulate numerical values associated with roles; and (3) credential subscriptions, which enable continuous monitoring of established trust relationships using a pub/sub infrastructure to track the status of revocable credentials. This paper describes the dRBAC model, its scalable implementation using a graph-based model of credential discovery and validation, and its application in a larger security context.

show abstract