太阳能信托模型:无限制认证

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI:10.1109/CSAC.1998.738650

M. Clifford, C. Lavine, M. Bishop

{"title":"太阳能信托模型:无限制认证","authors":"M. Clifford, C. Lavine, M. Bishop","doi":"10.1109/CSAC.1998.738650","DOIUrl":null,"url":null,"abstract":"The PEM and PGP/X.509 authentication models and the Biba Integrity Model have limitations inherent in their design that diminish their practicality in real world applications. The ICE-TEL trust model addresses some of these difficulties, and introduces a few new limitations. The Common Security Services Manager's Trust Policy Interface Specification provides the guidelines with which new trust policies may be encoded, but does not implement an actual policy. This paper describes a new model that permits both the identity of the sender of a message, and the trustworthiness of the sender of the message to be determined. The model works regardless of whether or not the message was signed by a certificate authority with which the recipient has a relationship. The model can be implemented without changing the format of certificates that are currently in use, and could be used as a module in a broader security framework, such as the Common Security Services Manager.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"The Solar Trust Model: authentication without limitation\",\"authors\":\"M. Clifford, C. Lavine, M. Bishop\",\"doi\":\"10.1109/CSAC.1998.738650\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The PEM and PGP/X.509 authentication models and the Biba Integrity Model have limitations inherent in their design that diminish their practicality in real world applications. The ICE-TEL trust model addresses some of these difficulties, and introduces a few new limitations. The Common Security Services Manager's Trust Policy Interface Specification provides the guidelines with which new trust policies may be encoded, but does not implement an actual policy. This paper describes a new model that permits both the identity of the sender of a message, and the trustworthiness of the sender of the message to be determined. The model works regardless of whether or not the message was signed by a certificate authority with which the recipient has a relationship. The model can be implemented without changing the format of certificates that are currently in use, and could be used as a module in a broader security framework, such as the Common Security Services Manager.\",\"PeriodicalId\":426526,\"journal\":{\"name\":\"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1998-12-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAC.1998.738650\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.1998.738650","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 21

摘要

PEM和PGP/X。509身份验证模型和Biba完整性模型在其设计中具有固有的限制，这些限制降低了它们在实际应用程序中的实用性。ICE-TEL信任模型解决了其中的一些困难，并引入了一些新的限制。公共安全服务管理器的信任策略接口规范提供了可用于编码新信任策略的指导方针，但不实现实际的策略。本文描述了一个新的模型，该模型既可以确定消息发送方的身份，又可以确定消息发送方的可信度。无论消息是否由与接收方有关系的证书颁发机构签署，该模型都可以工作。该模型可以在不更改当前使用的证书格式的情况下实现，并且可以作为更广泛的安全框架(如Common security Services Manager)中的模块使用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

The Solar Trust Model: authentication without limitation

The PEM and PGP/X.509 authentication models and the Biba Integrity Model have limitations inherent in their design that diminish their practicality in real world applications. The ICE-TEL trust model addresses some of these difficulties, and introduces a few new limitations. The Common Security Services Manager's Trust Policy Interface Specification provides the guidelines with which new trust policies may be encoded, but does not implement an actual policy. This paper describes a new model that permits both the identity of the sender of a message, and the trustworthiness of the sender of the message to be determined. The model works regardless of whether or not the message was signed by a certificate authority with which the recipient has a relationship. The model can be implemented without changing the format of certificates that are currently in use, and could be used as a module in a broader security framework, such as the Common Security Services Manager.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)

自引率

0.00%

发文量