On the Design of a Trust Enhanced Distributed Authorisation Architecture for Service Oriented Architectures

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2013-07-16 DOI:10.1109/TrustCom.2013.246

Aarthi Krishna, V. Varadharajan, Nathan Tarr

{"title":"On the Design of a Trust Enhanced Distributed Authorisation Architecture for Service Oriented Architectures","authors":"Aarthi Krishna, V. Varadharajan, Nathan Tarr","doi":"10.1109/TrustCom.2013.246","DOIUrl":null,"url":null,"abstract":"Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a comprehensive trust enhanced distributed authorisation architecture that provides a holistic framework for authorisation taking into account the state of a user platform. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the overall model and then describe our hybrid model with 'hard' and 'soft' trust components, followed by a description of the system architecture. We then illustrate proposed architecture in the context of a simple scenario involving a social networking system.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.246","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a comprehensive trust enhanced distributed authorisation architecture that provides a holistic framework for authorisation taking into account the state of a user platform. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the overall model and then describe our hybrid model with 'hard' and 'soft' trust components, followed by a description of the system architecture. We then illustrate proposed architecture in the context of a simple scenario involving a social networking system.

查看原文本刊更多论文

面向服务体系结构的增强信任分布式授权体系结构设计

授权系统在保护对分布式系统资源的访问方面起着至关重要的作用。传统上，授权是在用户级别执行的，以确定用户是否具有访问所请求资源所需的特权。然而，当涉及到用户的平台时，通常假设承载用户的系统和运行在其上的软件是“可信的”，并且它将正确地运行。在本文中，我们提出了一个全面的信任增强分布式授权架构，该架构为考虑用户平台状态的授权提供了一个整体框架。该模型包含“硬”信任和“软”信任的概念，以确定是否可以信任平台进行授权。我们首先解释整个模型的基本原理，然后用“硬”和“软”信任组件描述我们的混合模型，然后描述系统架构。然后，我们在一个涉及社交网络系统的简单场景的上下文中说明所建议的体系结构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

自引率

0.00%

发文量