Secure delegation of tasks in distributed systems

Abstract

The authors introduce the notion of task-delegation as compared to the delegation of rights only (rights-delegation). The reasoning behind the notion of task-delegation is presented, citing examples from the human world and from the realm of computers. This notion of task-delegation is captured in a 1-phase certification server (2PCS) which the authors develop as a hybrid between authentication servers (based on shared key cryptosystems). The 2PCS allows on enode to task-delegate to another in a secure manner, and it achieves a high level of security due to its underlying strong cryptosystem. Within the framework of the TRON architecture the features embodied within the 2PCS can be integrated within the CTRON architecture, either within a stand-alone server that mediates access to other CTRON servers (e.g., file server) and other TRON components, or within existing servers to guard access to their corresponding resources. The first option represents a more manageable solution since cryptographic information (such as keys) need not be replicated. Other servers can then be treated as principles equivalent to the BTRON workstations. In either approach, the authors believe that the notion of task-delegation and the security features of the 2PCS can be a useful step towards integrating security into the TRON architecture.