Decentralized Access Control in Networked File Systems

The Internet enables global sharing of data across organizational boundaries. Traditional access control mechanisms are intended for one or a small number of machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizations. This survey provides a taxonomy of decentralized access control mechanisms intended for large scale, in both administrative domains and users. We identify essential properties of such access control mechanisms. We analyze popular networked file systems in the context of our taxonomy

Distributed authentication for resource control

This thesis examines distributed authentication in the process of controlling computing resources. We investigate user sign-on and two of the main authentication technologies that can be used to control a resource through authentication and providing additional security services. The problems with the existing sign-on scenario are that users have too much credential information to manage and are prompted for this information too often. Single Sign-On (SSO) is a viable solution to this problem if physical procedures are introduced to minimise the risks associated with its use. The Generic Security Services API (GSS-API) provides security services in a manner in- dependent of the environment in which these security services are used, encapsulating security functionality and insulating users from changes in security technology. The un- derlying security functionality is provided by GSS-API mechanisms. We developed the Secure Remote Password GSS-API Mechanism (SRPGM) to provide a mechanism that has low infrastructure requirements, is password-based and does not require the use of long-term asymmetric keys. We provide implementations of the Java GSS-API bindings and the LIPKEY and SRPGM GSS-API mechanisms. The Secure Authentication and Security Layer (SASL) provides security to connection- based Internet protocols. After finding deficiencies in existing SASL mechanisms we de- veloped the Secure Remote Password SASL mechanism (SRP-SASL) that provides strong password-based authentication and countermeasures against known attacks, while still be- ing simple and easy to implement. We provide implementations of the Java SASL binding and several SASL mechanisms, including SRP-SASL

Decentralized Access Control in Distributed File Systems

The Internet enables global sharing of data across organizational boundaries. Distributed file systems facilitate data sharing in the form of remote file access. However, traditional access control mechanisms used in distributed file systems are intended for machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizations. We provide a survey of decentralized access control mechanisms in distributed file systems intended for large scale, in both administrative domains and users. We identify essential properties of such access control mechanisms. We analyze both popular production and experimental distributed file systems in the context of our survey

CrySTINA: Security in the Telecommunications Information Networking Architecture

TINA specifies an open architecture for telecommunication services in the broadband, multimedia, and information era. Its characteristics most relevant for security are a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce the TINA-C architecture, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG's CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts

Teias de federações: uma abordagem baseada em cadeias de confiança para autenticação , autorização e navegação em sistemas de larga escala

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro de Tecnológico. Programa de Pós-Graduação em Engenharia Elétric

Розробка та реалізація мережних протоколів. Навчальний посібник

Розробка та реалізація мережних протоколів важлива частина сучасної галузі знань, що необхідна для актуального забезпечення взаємозв’язку рівнів та різних технологій будь-якої локальної і глобальної мереж. Мережеві протоколи базуються на міжнародних стандартах, що забезпечують якісну взаємодію різних інноваційних технологій та різних елементів мережі. Вони складають семирівневу структуру, яка здійснює забезпечення вирішення інженерно-технічних питань та потребує постійно оновлювати, вдосконалювати та розробки нових протоколів, як правила взаємодії всіх складових глобальної мережі. Розробка та реалізація мережних протоколів потребує постійного розвитку та вдосконалення для надання абонентам високонадійних видів послуг з високошвидкісною передачею даних.The development and implementation of network protocols is an important part of the modern field of knowledge that is necessary for the actual interconnection of levels and different technologies of any local and global networks. Network protocols are based on international standards that ensure high-quality interaction of various innovative technologies and various network elements. They form a seven-tier structure that provides solutions to engineering and technical issues and requires constant updating, improvement and development of new protocols, as rules of interaction of all components of the global network. The development and implementation of network protocols requires constant development and improvement to provide subscribers with highly reliable types of services with high-speed data transmission.Разработка и реализация сетевых протоколов важная часть современной отрасли знаний, которая необходима для актуального обеспечения взаимосвязи уровней и различных технологий любой локальной и глобальной сетей. Сетевые протоколы базируются на международных стандартах, обеспечивающих качественное взаимодействие различных инновационных технологий и различных элементов сети. Они составляют семиступенчатая структуру, которая осуществляет обеспечение решения инженерно-технических вопросов и требует постоянно обновлять, совершенствовать и разрабатывать новые протоколы, как правила взаимодействия всех составляющих глобальной сети. Разработка и реализация сетевых протоколов требует постоянного развития и совершенствования для предоставления абонентам высоконадежных видов услуг по высокоскоростной передачей данных