基于可信平台的授权混合信任模型

2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2011-11-16 DOI:10.1109/TrustCom.2011.39

Aarthi Krishna, V. Varadharajan

{"title":"基于可信平台的授权混合信任模型","authors":"Aarthi Krishna, V. Varadharajan","doi":"10.1109/TrustCom.2011.39","DOIUrl":null,"url":null,"abstract":"Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a hybrid trust model that provides techniques for authorisation taking into account state of user platforms leveraging trusted computing technology. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the model and then provide a description of the proposed hybrid model.","PeriodicalId":289926,"journal":{"name":"2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A Hybrid Trust Model for Authorisation Using Trusted Platforms\",\"authors\":\"Aarthi Krishna, V. Varadharajan\",\"doi\":\"10.1109/TrustCom.2011.39\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a hybrid trust model that provides techniques for authorisation taking into account state of user platforms leveraging trusted computing technology. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the model and then provide a description of the proposed hybrid model.\",\"PeriodicalId\":289926,\"journal\":{\"name\":\"2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-11-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom.2011.39\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2011.39","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

授权系统在保护对分布式系统资源的访问方面起着至关重要的作用。传统上，授权是在用户级别执行的，以确定用户是否具有访问所请求资源所需的特权。然而，当涉及到用户的平台时，通常假设承载用户的系统和运行在其上的软件是“可信的”，并且它将正确地运行。在本文中，我们提出了一种混合信任模型，该模型提供了利用可信计算技术考虑用户平台状态的授权技术。该模型包含“硬”信任和“软”信任的概念，以确定是否可以信任平台进行授权。我们首先解释模型的基本原理，然后提供所提议的混合模型的描述。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Hybrid Trust Model for Authorisation Using Trusted Platforms

Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a hybrid trust model that provides techniques for authorisation taking into account state of user platforms leveraging trusted computing technology. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the model and then provide a description of the proposed hybrid model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications

自引率

0.00%

发文量